There’s an interesting Windows+mobile case today involving a ZeuS variant that steals mTANs, using a Symbian (.sis) or Blackberry (.jad) component.
An mTAN is a mobile transaction authentication number, sent via SMS, that some banks use as a single-use password to authorize an online financial transaction. The SMS message may also include transaction data that allows you to verify that nothing has been modified (for example, by a Man-in-the-Browser attack).
Online banking on Windows is constantly under attack from phishing, pharming, cross-site scripting, and password-stealing trojans. Adding an “outside” device to the process is a useful security countermeasure; one that we thought might be technically challenging enough to dissuade any would-be attackers. However, online security is ever a cat-and-mouse game, and we’ve often predicted it’s only a matter of time before some banking trojan focused on phones.
Enter case Mitmo: S21sec, a digital security services company, posted on their blog on Saturday: “ZeuS Mitmo: Man-in-the-mobile”. The ZeuS variants they’ve discovered (which we detect as Trojan-Spy:W32/Zbot.PUA and PUB) ask for mobile phone details and then send an SMS with a download link based on the answers given by the victim.
We’ve analyzed the Symbian component (which we detect as Trojan:SymbOS/ZeusMitmo.A) and can confirm S21sec’s research. The Symbian file, cert.sis, calls itself “Nokia update” and is Symbian Signed for S60 3rd Edition mobile phones.
It is difficult to get the complete picture of this emerging threat vector as the C&C used by Zbot.PUA is no longer online, but based on the analysis and the configuration files, this attack is not a one-off by some hobbyist. It’s been developed by individuals with an excellent understanding of mobile applications and social engineering. We expect that they’ll continue its development.
Cat-and-mouse continues.
On 27/09/10 At 04:42 PM
View full post on F-Secure Antivirus Research Weblog
Posted on 28 September 2010. Tags: Banking, Mobile, Targeting, Variants, Zeus