ZeuS Strikes Back on Mobile Bankers

A new variant of the ZeuS banking malware is targeting consumers who use their mobile phones to get two-factor authentication from ING Bank Slaski in Poland. This attack is similar to one that has occurred in Spain last September, according to researchers from the antivirus provider F-Secure.

The ZeuS Mitmo trojan plugs in a fake field into Web pages prompting users for their cell phone number and the type of handset they use. Then the attacker sends the user an SMS message with a link to the malware that works with their specific device (e.g., BlackBerry or Symbian). So far, ZeuS is not targeted for iPhone; but it is uncertain whether it is able to target Android-based phones.

Reported by The Register,

The attacks are a potent reminder of the cat-and-mouse game that's regularly played between criminal enterprises and the financial institutions they prey on. ING tuned to mTANs as a means to combat keyloggers ZeuS and other trojans use to compromise their customers' accounts. ZeuS is now attempting to strike back with a mobile version of the malware.