
Zeus malware is back with a new target: Mobile devices

Zeus malware is back with a new target -- mobile devices. Expert Nick Lewis explains how Zeus-in-the-mobile differs from traditional Zeus and how to defend against it.

I've heard that a new variant of Zeus -- Zeus-in-the-mobile -- has begun targeting smartphones and other mobile devices. Can you please explain how this variant is different than the original Zeus? Are the defense strategies different?

Zeus has plagued desktops and laptops for at least the past seven years, infecting them and then using them to commit financial crimes. Zeus-in-the-mobile is a relatively new form of Zeus malware that attacks smartphones to commit these same crimes. The malware is used in conjunction with a compromised desktop or laptop system to steal one-time passwords generated on the smartphone. Getting the malware onto a smartphone may be more difficult, but many people assume their smartphones are secure and don't think a malicious application could be installed.

While app stores and the different security models on mobile devices have significant potential to help protect users from malware and other threats, smartphones and other devices are still going to require careful use under the current vetting models. If malware like Zeus masquerading as a legitimate application enters the trusted app stores of Google or Apple, users will assume the app is legitimate because they downloaded it from the app store. In fact, targeting the app store is attractive to attackers because it is one of the weakest links. Trusteer found this out the hard way when it discovered the new variant of Zeus (Zeus-in-the-mobile) was using the Trusteer brand to trick people into thinking a malicious app was legitimate. Zeus-in-the-mobile is designed to steal one-time passwords sent via SMS messages for banking accounts and financial websites.

In the case of Trusteer, the company could monitor app stores for applications it didn't publish itself. This would need to be something every vendor does itself at this point since current app stores don't necessarily check if Trusteer is the same as Trustee or even if it's the legitimate Trusteer. This task might be difficult for vendors to do, though, so the responsibility lies in the hands of the users.

To defend against Zeus-in-the-mobile -- or any malware that comes from app stores -- users should review every app and its details, especially permissions, prior to downloading, and only download known, legitimate apps. Trusteer also points out that the infection would have been prevented if the smartphone had Trusteer's software installed; using antimalware software on mobile devices can greatly cut down the chances of falling victim to a mobile malware attack.
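One way a vendor could automate the app-store monitoring described above, while also checking for the SMS permissions an app needs to read one-time passwords. This is an added example, not code from the article or from Trusteer; the listing records, publisher IDs and the 0.8 similarity threshold are constructed assumptions, and no real app-store API is called.

```python
from difflib import SequenceMatcher

BRAND = "Trusteer"
# Constructed placeholder for the vendor's real publisher account ID(s).
OFFICIAL_PUBLISHERS = {"publisher-official-001"}
# Android permissions that let an app read SMS-delivered one-time passwords.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

# Constructed sample listings, e.g. rows exported from a store search.
LISTINGS = [
    {"name": "Trusteer Mobile", "publisher": "publisher-official-001",
     "permissions": ["android.permission.INTERNET"]},
    {"name": "Trustee Security", "publisher": "publisher-unknown-417",
     "permissions": ["android.permission.INTERNET", "android.permission.RECEIVE_SMS"]},
    {"name": "Trusteer Protect", "publisher": "publisher-unknown-902",
     "permissions": ["android.permission.INTERNET"]},
    {"name": "Weather Now", "publisher": "publisher-unknown-555",
     "permissions": ["android.permission.ACCESS_COARSE_LOCATION"]},
]

def normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def brand_similarity(app_name, brand=BRAND):
    """Highest similarity (0..1) between the brand and any word or the full name."""
    target = normalize(brand)
    parts = [normalize(w) for w in app_name.split()] + [normalize(app_name)]
    return max((SequenceMatcher(None, target, p).ratio() for p in parts if p), default=0.0)

def review_listings(listings, threshold=0.8):
    """Flag lookalike names from publishers that are not the vendor."""
    findings = []
    for app in listings:
        if app["publisher"] in OFFICIAL_PUBLISHERS:
            continue  # the vendor's own app
        score = brand_similarity(app["name"])
        if score < threshold:
            continue  # name is not close to the brand
        sms = sorted(SMS_PERMISSIONS & set(app["permissions"]))
        findings.append({"name": app["name"], "publisher": app["publisher"],
                         "score": round(score, 2), "sms_permissions": sms,
                         "severity": "high" if sms else "review"})
    return findings

if __name__ == "__main__":
    for finding in review_listings(LISTINGS):
        print(finding)
```

An exact brand match from an unrecognized publisher is still only marked "review", since it may be a reseller or regional account that a person has to confirm.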


This was last published in October 2014


Join the conversation



So the idea of generating OTPs is good, but is not great if your mobile is infected with Zeus (Mobile Malware).

A user can also have settings which disable Background Traffic Data, Untick Install from Mock Locations as well as Disable Unknown Sources.

Using a good antivirus like Mc**** (which I found to detect some malware) is an ok antivirus to start with... or you can go with any antivirus (but check the reviews etc. prior to downloading it).

Let's hope we can detect these viruses & work towards eliminating these malwares before they create havoc!

Though it is a lot less fun, and tends to bring cries of "walled garden", there is a lot to be said about making sure that you are 100% sure that the apps downloaded come from trusted sources. I'm curious to see if the idea of running a sandboxed mobile application environment (like Opera Mobile Emulator) will become a more common practice.