
German E-Banking Users Fall Victim to Mobile Banker Trojan

Berlin Police published a press report warning of fraud in which scammers use mobile transaction authentication numbers (mTANs) sent via SMS to perform illegal online banking transactions and unauthorized cash withdrawals.

All signs point to Zitmo, the only mobile Trojan known to date that scammers use to target owners of Android smartphones by intercepting mobile transaction authentication numbers.

For Zitmo to work, the user's PC must first be infected with ZeuS, which steals critical information such as phone model and phone number every time the user visits a bank website. For people who do not use a secondary layer of security, this data would be enough for a scammer to clear the victim's bank account.

If, however, people rely on mTAN to secure their online transactions, scammers also need Zitmo to fetch the unique authentication number delivered via SMS before they can carry out the online money-related operation.

German Police explain how the scam works and encourage people to be extra vigilant with any official-looking “security update” recommendation that reaches them out of the blue. In this situation, the best practice would be to call the bank or, better yet, pay the financial institution a visit and check the claim. Once the money is withdrawn, it’s gone forever.

Installing a complete antivirus suite with a reliable antiphishing module will also defend users against such threats.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

