The power of ZeuS hammers mobile banking users says F-Secure

According to Sean Sullivan, a security researcher with F-Secure, users of the Windows Mobile platform are being hit by a variant of ZeuS that steals mobile transaction authorisation numbers (mTANs) using a Symbian (.sis) or BlackBerry (.jad) component.

Although still quite rare in the UK – and so far used by Citibank's Egg operation and Sainsbury's Bank, Infosecurity notes – mTANs are increasingly used by European banks, with the customer's mobile receiving an mTAN via text message.

These mTANs are then used on a 'click-through' basis to authorise a given mobile banking transaction.

In a security blog posting, Sullivan notes that Windows OS-based online banking is constantly under attack from phishing, pharming, cross-site scripting, and password stealing trojans.

"Adding an 'outside' device to the process is a useful security countermeasure; one that we thought might be technically challenging enough to dissuade any would-be attackers. However, online security is ever a cat-and-mouse game, and we've often predicted it's only a matter of time before some banking trojan focused on phones", he said.

Citing an online news report from s21sec, the digital security services firm, Sullivan says that the new variant of ZeuS is called Mitmo, short for man-in-the-mobile.

"The ZeuS variants they've discovered (which we detect as Trojan-Spy:W32/Zbot.PUA and PUB) ask for mobile phone details and then send an SMS with a download link based on the answers given by the victim", he said.

"We've analysed the Symbian component (which we detect as Trojan:SymbOS/ZeusMitmo.A) and can confirm S21sec's research. The Symbian file, cert.sis, calls itself 'Nokia update' and is Symbian Signed for S60 3rd Edition mobile phones", he added.

It is difficult to get the complete picture of this emerging threat vector as the C&C used by the Zbot.PUA is no longer online, but based on the analysis and their configuration files, this attack is not a one-off by some hobbyist, he explained.

Sullivan notes that the malware appears to have been developed by individuals with an excellent understanding of mobile applications and social engineering.
