Zitmo Trojan disguised as security app

Zeus-in-the-mobile or in other words Zitmo for Android has came back, trying to go undercover as a security software for the mobile operating platform so Zitmo Trojan disguised as security app.

It tries to disguise as “Android Security Suite Premium” that after installation it will show an icon with a blue shield. If you run this app it will generate an activation code:

The unwary users think that they are protected but instead the malware app is collecting system data and text messages in order to send them to a remote server that has the URL encrypted in the body of the Trojan app.

Engineers from Kaspersky Lab have recently ckecked six of the apk files with malicious code and each and everyone of them had another c&c url embedded.

If you are to perform a whois search on each of the links you will discover that one of them was registered with fake data that can be tracked to other domains that were responsable with ZeuS c&c domains hosting, so the engineers concluded that these android malware are not just random stealing apps but are a variant of Zitmo trojan.

As we don’t know yet through what channels the Trojans came from we can assume that they were released from third-party Android online markets/