Kaspersky finds mobile versions of the Zeus trojan posing as fake Android security software
Android’s security concerns have been the primary focus of an on-going debate for a while now. Google has been trying to fend off malicious app developers, with the introduction of a new security system called “Bouncer”, but we have still seen over 5,000 malicious apps already in just the first quarter of 2012.
In what is a further cause for concern, Kaspersky Labs Expert Denis Maslennikov has uncovered a fake Android security application that steals incoming SMS messages from infected devices. In a blog post, he wrote that he discovered at least 6 files that go under the name “Android Security Suite Premium,” but are in fact malicious apps that aim to steal incoming SMS messages, that are then uploaded to a remote server. He also mentions that these apps can receive commands to uninstall themselves, steal system information, and enable or disable apps.
Granted, the existence of apps with similar functionality is nothing new. In fact, while a lot of us tend to overlook the permissions required by apps when we download them from the Google Play Store, many apps request permissions to send/receive SMS messages from our device.
Only this time, with the latest threat, there is cause for further concern, as, according to Maslennikov:
- The files that were heuristically detected by Kaspersky’s engine as “HEUR:Trojan-Spy.AndroidOS.Zitmo.a.” Zitmo (Zeus in the mobile) apps are the mobile versions of the infamous Zeus trojan that steals private banking information.
- With a lot of banks implementing mobile-based security systems, the goal of Zitmo apps is to steal mobile authorization numbers that customers receive from their banks via SMS.
Kaspersky researchers are still trying to determine how the malicious Android Security Suite Premium app is being distributed. From past experience with other Zitmo apps, it may be distributed as a fake security update that appears to be “recommended” by your bank’s mobile site, so that is definitely something you need to watch out for.
Mobile authentication systems and mobile banking have been growing in popularity since their introduction, because of their ease of use and convenience. While helpful, consumers who use these products and applications certainly need to be a lot more careful.
We recommended that you download apps only from the Google Play Store. Even then, you should evaluate thoroughly the “permissions” required by any app you download, and also take a look at user reviews for an indication as to whether an app is trustworthy or not.
Of course, be extra vigilant if you ever need to download third party apps for any reason.