Well, it’s been a whole two months since something about Zeus crossed my computer screen, so I suppose it's about time that the pesky and dangerous piece of malware popped up again. Last time it was Zeus in the cloud. This time it is a piece of Android malware, disguising itself as a security app.
It is easy to see how one can get duped by this malicious app. It’s called Android Security Suite Premium and first appeared in early June — with newer versions released already (it is still June, isn’t it?). According to PC World:
The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers. Depending on the apps installed on the Android device, the text could include sensitive data, such as password-reset links.
The PC World piece goes on to point out one of the greatest risks of this new Zeus variant. Yes, it is still dangerous and will steal banking data; however, employees tend to be unaware of security threats that may lurk on their mobile devices, according to a survey from Checkpoint released earlier this year. The survey also found that 71 percent of IT pros believe mobile devices contributed to an increase in security incidents, 72 percent believe careless employees are a greater risk to company security than outside threats and 47 percent reported that company data is stored on those devices.
It is employee unawareness that makes the news about the new Zeus malware more troubling. Computer users have been duped by FakeAV on their computers for some time. Most folks already have trouble telling the difference between a legitimate app and a malicious one. A malicious app called Android Security Suite Premium has disaster written all over it. According to PC World, the Zeus malware can inject pop-up ads into banking websites, so:
In a similar way, the Android Security Suite Premium might be advertised as a free Android security product offered by the victim's bank.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
As Kaspersky Lab senior malware analyst Denis Maslennikov, who first reported on the malware, pointed out, this isn’t scareware like typical FakeAV but malware that is going to do real damage and steal money from bank accounts. It’s time to make sure employees are aware of the risks with this new Zeus variant.