Security firm Fortinet says Zeus, which hijacks bank accounts, is now being used by criminals "to steal one-time passwords sent by banks to authenticate mobile transactions."
The attack comes via Trusteer's Rapport software, which is used to confirm that users are securely logged into their bank's online site.
"In the background, [Zeus] listens to all incoming SMS messages and forwards them to a remote Web server," says Fortinet.
Criminals can then steal money or other credentials from within the portal.
For now, if you do not use a protective app like AVG or Lookout, simply don't log into your bank from your Android device.
Written by: Andre Yoskowitz @ 14 Jul 2011 14:58