Android/Zitmo.C!tr.spy

description-logoAnalysis

Android/Zitmo.C!tr.spy is a trojan spyware that targets Android mobile phones. One should be particularly cautious with this malware because it has been reported to be propagated by the ZeuS botnet, presumably to steal banking mTANs (authentication codes).
This malicious application poses as a banking activation application:

In background, it listens to all incoming SMS messages and redirect them to a remote website:

http://[REMOVED]ifty.com/security.jsp
The contents of the SMS are posted by HTTP with the following format:
f0=ORIGINATING PHONE NUMBER&b0=SMS BODY&pid=IMEI

.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2022-06-21 90.03451
2022-06-21 90.03450
2022-06-20 90.03445
2022-06-20 90.03444
2019-08-05 70.49200 Sig Updated
2019-08-05 70.49100 Sig Added
2019-04-02 67.50700 Sig Updated
2019-04-02 67.50600 Sig Added