Zeus-Based Malware Targets Mobile Banking

Network security provider Fortinet has announced the discovery of mobile malware that can defeat the two-factor authentication most banks require customers to use to confirm funds transfers initiated online, a control that thwarts Zeus-style attacks on online banking users.

Although I'm leery of gleeful announcements of security threats made by companies that stand to profit from them, the description of the new malware in a blog on Fortinet's site is detailed and rings true.

The new threat is an extension of the type of Zeus botnet attacks that are a recurring nightmare for banks.

The new malware, which has been named SymbOS/Zitmo.A!tr (Zitmo stands for "Zeus In The MObile"), is aimed at intercepting the confirmation text messages banks send their customers. A Zeus attack steals a user's online username and password along with his mobile phone number. It then sends an SMS with a link to malicious code to the mobile phone. The link installs a malicious application on the phone that is capable of sending certain commands to the bank, such as "set admin" and "add sender."

The cyber criminals can then send an "add sender" command and divert any SMS credential the bank sends to a victim over to themselves, then use it to log on to the bank account.
