Android/Zitmo.C!tr.spy
Analysis
Android/Zitmo.C!tr.spy is a trojan spyware that targets Android mobile phones.
One should be particularly cautious with this malware because it has been reported to
be propagated by the ZeuS botnet, presumably to steal banking mTANs (authentication codes).
This malicious application poses as a banking activation application.
In the background, it listens for all incoming SMS messages and redirects them to a remote
website:
http://[REMOVED]ifty.com/security.jsp
The contents of the SMS are posted by HTTP with the following format:
f0=ORIGINATING PHONE NUMBER&b0=SMS BODY&pid=IMEI
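A defender-side check for the POST format described above, as an added example that is not part of the original analysis: it flags form-encoded request bodies whose parameters are exactly f0, b0 and pid with a 15-digit pid. The function names and the sample proxy records are constructed for illustration.

```python
from urllib.parse import parse_qs

EXFIL_KEYS = {"f0", "b0", "pid"}  # sender number, SMS body, IMEI (format above)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which a genuine 15-digit IMEI satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def match_zitmo_post(method: str, path: str, body: str):
    """Return the decoded fields if a request has the exfil shape, else None."""
    if method.upper() != "POST":
        return None
    fields = parse_qs(body, keep_blank_values=True)
    # Exactly the three parameters, each present once.
    if set(fields) != EXFIL_KEYS or any(len(v) != 1 for v in fields.values()):
        return None
    pid = fields["pid"][0]
    if not (pid.isascii() and pid.isdigit() and len(pid) == 15):
        return None
    return {
        "sender": fields["f0"][0],
        "sms_body": fields["b0"][0],
        "imei": pid,
        "imei_luhn_ok": luhn_ok(pid),  # confidence signal, not a requirement
        "path_matches": path.split("?")[0].endswith("/security.jsp"),
    }

# Constructed sample proxy records: (method, path, request body).
SAMPLE_REQUESTS = [
    ("POST", "/security.jsp", "f0=%2B15555550100&b0=Your+mTAN+is+483920&pid=490154203237518"),
    ("POST", "/login", "user=alice&pass=x"),
    ("GET", "/security.jsp", ""),
    ("POST", "/api/track", "f0=1&b0=2&pid=abc"),
]

def scan(requests):
    """Return the decoded hits among (method, path, body) records."""
    return [hit for r in requests if (hit := match_zitmo_post(*r)) is not None]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(hit)
```

The match keys on the parameter set rather than the host, since the domain in the analysis is redacted; the path and Luhn results are returned as supporting signals for triage.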
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR |