Security vendor F-Secure has come across a fresh variant on the Zeus Trojan that it said could be targeting mobile banking users.
According to a blog post from the firm, the hack seems designed to steal Mtans, which are one time mobile transaction numbers used by banks. The firm warned that the variant could be used to steal these Mtans from a Windows OS based phone using either a Symbian, .sis, or Blackberry, .jad, component
F-Secure was following up on an earlier security announcement from another set of researchers.
"S21sec, a digital security services company, posted on their blog on Saturday [about the attack]," F-Secure noted.
"The ZeuS variants they've discovered (which we detect as Trojan-Spy:W32/Zbot.PUA and PUB) ask for mobile phone details and then send an SMS with a download link based on the answers given by the victim."
Infecting the user's mobile device in this way means the cyber criminals can intercept any one-time transaction numbers used to authenticate in online banking.
F-Secure said that it was difficult to get a handle on the attack, because the command and control channel used by the Trojan is no longer online.
"This attack is not a one-off by some hobbyist" it warned. "It's been developed by individuals with an excellent understanding of mobile applications and social engineer. We expect that they'll continue its development. [The game of] Cat-and-mouse continues."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago