New Zeus Variant Targets Android Platform

Kara Reeder

A new variant of the notorious bank account-stealing Zeus Trojan known as ZitMo, or "Zeus-in-the-Mobile," has been discovered on Android smartphones. The malware is disguised as a legitimate banking security application from Trusteer called Rapport, reports SC Magazine. In a blog post, senior Fortinet analyst Axelle Apvrille says:

"In the background, it listens to all incoming SMS messages and forwards them to a remote web server. It's simple, but just enough for the ZeuS gang to grab your banking mTANs [mobile transaction authentication numbers] ..."

InformationWeek explains the problem:

"That's a security risk, as some banks now send mTANs ... via SMS. By intercepting these passwords, the Zeus-botnet-using criminal gang behind Zitmo can not only create fraudulent money transfers, but verify them."

To help protect customers from malware attacks, the Federal Financial Institutions Examination Council (FFIEC) has issued new rules for online security for financial institutions, which include the recommendation that banks use multi-factor authentication.


The discovery of ZitMo is the latest blow to the Android landscape, which has been plagued by Android-specific malware, including a recently discovered new version of the "DroidDream Light" malware and a new Android threat dubbed "HippoSMS."
