Zeus targets mobile banking authentication


A Zeus Trojan has been created designed to acquire authentication numbers from mobile phones to complete banking transactions.

Even if hackers manage to gain access to a bank account by obtaining a username and password, in some cases they will still require an mTAN - a mobile transaction authentication number, sent via SMS.

In this case, however, a Zeus variant was seen launching a webpage during online banking processes, where the user was forced to enter information about their mobile phone, including its model and number.

Then an SMS was sent to the online banker containing a link purporting to be for a security download, when in reality it was for a malicious application.

Once installed, the app monitored all incoming text messages, including those from a bank, allowing the cyber criminals to get hold of the mTAN.

The findings were initially made public by S21sec, a digital security services company, but now F-Secure has backed the research.

The malicious application can run on BlackBerry and Symbian devices. In the latter case, the malicious file is sold as a "Nokia update" and affects S60 3rd Edition mobile phones, F-Secure said.

S21sec said it has been in contact with mobile providers to help identify infected phones.

Having analysed the Zeus variant, it appears to be the work of people with "an excellent understanding" of mobile applications and social engineering, F-Secure added.

Sean Sullivan, F-Secure's chief security advisor, said his firm believes a number of customers will have been infected in Spain, as this is where the Trojan was identified, but he is interested to see if similar attacks hit the UK and elsewhere.

"I think [S21sec has] found this actually by backtracking from banking customers," Sullivan explained to IT PRO.

"I think the goal [was to] hit a number of key accounts, target some prime accounts that actually have hundreds of thousands."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.