New Android botnet Identified

The botnet - if that is the right word - is Zitmo, or Zeus in the mobile, which was written to run on the Android operating system.

This, says the report, allows the malware to continue its expansion across mobile platforms beyond the Windows Mobile, Symbian and Blackberry operating systems.

"The first variant of Zitmo on Symbian OS (SymbOS/Zitmo.Altr) was found in September 2010 and was based on commercial, Russian spyware for Symbian 3rd and 5th editions (SMS Monitor Lite)", says the report.

The bad news, however, is that the study goes on to say that the malware has evolved and is now capable of intercepting two-factor authentication that banks use to validate the identity of the account holder when logging in.

Even if a mobile user does not rely on the two-factor authentication method for banking activities, the report notes that Zitmo can forward and spy on all SMS messages, making it a valid threat.

But it’s not all Android, as in late July, Fortinet says its FortiGuard Labs research operation observed a surge of activity from the W32/Exchanger trojan downloader.

This, says the firm, downloaded and installed ten different malware families within the course of a day onto the lab's test system.

"This type of rapid mass infection can cause a system to become unstable and ultimately crash", says the report.

Derek Manky, Fortinet's senior security strategist, said that most infections we see like this in our labs serve a similar purpose to W32/Exchanger and are known in the digital underground as loaders.

"Loaders are botnets with simple functionality. They report status, such as uptime, operating system version, geographic location, etc., and receive download commands from their controllers", he explained.

These statistics, says Manky, assist cybercriminals when it comes to managing their infections, bill customers for installing malware on a given number of systems and provide reports to their clients as a quality of service metric.

What’s hot on Infosecurity Magazine?