Results for zitmo

Threat Research

Backup Your Mobile Device, Save Your Money

The year 2013 was named The Menace Year mainly because of the rampant CryptoLocker, a nefarious ransomware that encrypts user files and demands a ransom be paid in order to decrypt them. And before CryptoLocker came the unfashionable scareware programs such as FakeAV, which used scare tactics to convince the user to purchase the full version of the software. It did not take long before this Windows-based experience was applied to the Android platform. In the middle of 2013, the first representative scareware named...

By Dong Xie, July 13, 2014

Industry Trends

10 Years of Mobile Malware

2014 marks the 10th anniversary of Cabir, the world's first mobile phone malware. To mark this occasion, Fortinet's FortiGuard Labs is taking a stroll down memory lane to examine the evolution and significance of mobile threats during the last 10 years. From Cabir to FakeDefend, the last decade has seen the number of mobile malware explode. In 2013, Fortinet's FortiGuard Labs saw more than 1,300 new malicious applications per day and is currently tracking more than 300 Android malware families and more than 400,000 malicious Android...

By Michael Perna, January 21, 2014

Threat Research

Eurograbber is Zitmo

[Figures: "Zitmo Attack Scenario - taken from my slides at ShmooCon, January 2011"; "Zitmo's attack scenario, taken from CheckPoint's and VerSafe's white paper (Dec 2012)"]

Recently, Check Point and Versafe published a white paper on a mobile banking trojan they named Eurograbber. In fact, this is not new: it is called Zitmo, and s21sec, Fortinet (and others!) have been talking about it for nearly two years. In January 2011, Kyle Yang and I presented full details of Zitmo at ShmooCon: the attack scenario, the syntax of commands, the processing of incoming...

By Axelle Apvrille, December 07, 2012

Threat Research

Zitmo timeline.

Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild.

By Karine de Ponteves, November 19, 2012

Threat Research

Controlling Android / Zitmo by SMS commands

A new sample of Zitmo is out, pretending to be an Android Security Suite. Like others in the Zitmo family, the malware is an SMS spy: it forwards incoming SMS messages to a remote server. This particular sample responds to a few basic SMS commands we have reversed. In the following video, we show one of these commands in action: an SMS whose body is "/" followed by a phone number sets up a new phone number for the spy. Then, all future incoming SMS messages are also forwarded to that phone number. For more information, we have written a detailed description of...

By Axelle Apvrille, June 21, 2012

Threat Research

Android/Zitmo: an update

This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it's easy to remember), we call it Zitmo. This does not mean this variant was written by the same authors (no proof on that account, one way or another) nor that it has exactly the same technical functionalities or even, depending on naming policies, the same name among AV vendors, but what we mean is that this sample was propagated by ZeuS...

By Axelle Apvrille, July 18, 2011

Threat Research

Zitmo hits Android

Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for several months (see my ShmooCon slides). Lately, there's been an active discussion on technical forums regarding ZeuS targeting Android users. We finally managed to get our hands on the mobile sample the ZeuS PC trojans are propagating. Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far scarier when...

By Axelle Apvrille, July 08, 2011

Threat Research

What's new in Zitmo.B?

Zitmo is a mobile malware Fortinet has particularly been focusing on since the beginning (see our first blog post and my presentation at ShmooCon 2011), as it is one of the first palpable signs that organized criminals are interested in infecting mobile phones. As you may know (see F-Secure's and Kaspersky's blog posts), it is unfortunately back, with a new version. So, technically speaking, what's new? It now supports Windows Mobile phones too, not only Symbian (there were rumors concerning a BlackBerry version, never confirmed). The default phone number...

By Axelle Apvrille, February 23, 2011

Threat Research

Shmoocon 2011 talk: Defeating mTANs for Profit

Tomorrow starts the quite famous, and ever sold-out, security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be given by Peiter "Mudge" Zatko, inventor of L0phtCrack and early pioneer of buffer overflows. Among the talks filling the tri-track program (Build it / Break it / Bring it on), we're glad to find our Crypto Girl, Axelle, who will present a paper she co-wrote with Kyle Yang (another regular poster on this blog) on the infamous mobile phone malware Zitmo, which we discovered (simultaneously with Spanish...

By Guillaume Lovet, January 27, 2011

Threat Research

Hidden feature in Android spyware

A few days ago, an application named 'SMS Replicator Secret' was pulled from the Android market. Like other spyware of its kind, it silently forwarded incoming SMS messages to a configurable phone number, the official idea being to spy on your girlfriend. I don't like these types of 'applications' (women's solidarity? next time advertise it as spying on your boyfriend ;), even if they are meant as jokes, because one day they will end up in the wrong hands and do much more damage than expected. The recent Zitmo malware is a perfect illustration...

By Axelle Apvrille, November 12, 2010