Threat Encyclopedia

Android/Zitmo.C!tr.spy

Analysis

Android/Zitmo.C!tr.spy is a trojan spyware that targets Android mobile phones. One should be particularly cautious with this malware because it has been reported to be propagated by the ZeuS botnet, presumably to steal banking mTANs (authentication codes).
This malicious application poses as a banking activation application.

In the background, it listens to all incoming SMS messages and redirects them to a remote website:

http://[REMOVED]ifty.com/security.jsp
The contents of the SMS are posted by HTTP with the following format:
f0=ORIGINATING PHONE NUMBER&b0=SMS BODY&pid=IMEI
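
The request format above can be matched in proxy or gateway logs. The following is an added detection sketch, not Fortinet's signature or code from the original entry: it flags POST bodies carrying exactly the f0, b0 and pid fields where pid is a valid IMEI. It assumes pid holds a 15-digit IMEI with a Luhn check digit; the function names and the sample records are constructed for illustration.

```python
from urllib.parse import parse_qs

EXPECTED_KEYS = {"f0", "b0", "pid"}  # field names given in the entry
REPORTED_PATH = "/security.jsp"      # path given in the entry (host is redacted there)

# Constructed sample records: (method, path, url-encoded body)
SAMPLE = [
    ("POST", "/security.jsp", "f0=%2B15550100&b0=Your+mTAN+is+482913&pid=490154203237518"),
    ("POST", "/login", "user=alice&pid=490154203237518"),
    ("POST", "/security.jsp", "f0=%2B15550100&b0=hello&pid=490154203237519"),  # bad check digit
    ("GET", "/security.jsp", ""),
]

def luhn_ok(digits: str) -> bool:
    """True if the last digit is a correct Luhn check digit (as in an IMEI)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def match_sms_forward(method: str, path: str, body: str):
    """Return a finding dict if the request has the f0/b0/pid shape, else None."""
    if method.upper() != "POST":
        return None
    fields = parse_qs(body, keep_blank_values=True)
    if set(fields) != EXPECTED_KEYS or any(len(v) != 1 for v in fields.values()):
        return None
    pid = fields["pid"][0]
    if not (len(pid) == 15 and pid.isascii() and pid.isdigit() and luhn_ok(pid)):
        return None
    return {
        "sender": fields["f0"][0],
        "imei": pid,
        "sms_len": len(fields["b0"][0]),  # record the length, not the SMS text
        "path_match": path.split("?")[0].endswith(REPORTED_PATH),
    }

def scan(records):
    """Run the matcher over an iterable of (method, path, body) records."""
    return [hit for rec in records if (hit := match_sms_forward(*rec))]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The matcher keys on the body shape rather than the host, so it still fires if the redacted domain is replaced; path_match records whether the reported path was also seen.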


Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
