The Latest in IT Security

Android/Zitmo: an update


This is a short update to our prior post concerning Zitmo on Android.

Is this really Zitmo?

This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it’s easy to remember), we call it Zitmo.

This does not mean this variant was written by the same authors (no proof on that account, one way or another)
nor that it has exactly the same technical functionalities or even, depending on naming policies, the same name among AV vendors, but what we mean is that this sample was propagated by ZeuS PC trojans – which is all that matters from an end-user perspective…

Denis Maslennikov proves it in his blog post where he shows Win32 ZeuS configuration files with modified Trusteer web pages. This is confirmed by our own research too: we decrypted a ZeuS configuration file and found the Trusteer-related injected pages.

Also, note that another Android Zitmo sample was discovered and fakes a Kaspersky anti-virus. We detect that sample as Android/Zitmo.D!tr.spy.

– the Crypto Girl

Kyle Yang and Alexandre Aumoine contributed to this research.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments