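Virus knowledge base

Analyzing the techniques that attackers use allows us to predict how they are likely to evolve, so that future threats can be countered more effectively. You can also learn how malicious programs operate on an infected system and how to defend against them.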

Android.ZBot in virus library:

A family of banking Trojans for Android mobile devices designed to steal logins and passwords for online banking services by means of fake authorization forms. The Trojans of this family also covertly steal money from users’ bank accounts. The Android.ZBot malware can be downloaded under the guise of a benign program when a user visits fraudulent or hacked websites, or another malicious application can download it to a device.

The Trojans can execute the following actions:

  • Send an SMS with a specific text to a specified number
  • Make phone calls
  • Send text messages to all of the user’s contacts
  • Intercept incoming SMS messages
  • Track the current GPS coordinates
  • Display a special dialog on top of a specified application

The command and control server sends the Android.ZBot Trojans instructions that specify the applications on top of which a phishing message is to be shown. The Trojans then begin to check periodically whether the corresponding applications are running. Once one of these applications is launched, the banking Trojans create a special input form, the content of which is downloaded from the server, and display it on top of the application. Such fake dialogs often imitate the authorization forms of online banking applications. Logins and passwords entered by the user are sent to the command and control server. If the victim tries to close the bogus dialog, the Android.ZBot Trojans redirect the user to the home screen, creating the illusion that the prompt really belongs to the corresponding legitimate application.
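For triage of an unknown APK, the capability list above can be checked against a decoded `AndroidManifest.xml`. The following is an added example, not Dr.Web's code: the permission mapping, the priority threshold and both sample manifests are assumptions constructed for illustration, since the page does not state which permissions Android.ZBot requests.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: listed capability -> any permission that enables it.
CAPABILITIES = {
    "send SMS": {P + "SEND_SMS"},
    "make phone calls": {P + "CALL_PHONE"},
    "read contacts": {P + "READ_CONTACTS"},
    "intercept incoming SMS": {P + "RECEIVE_SMS"},
    "track GPS coordinates": {P + "ACCESS_FINE_LOCATION"},
    "overlay / watch foreground app": {
        P + "SYSTEM_ALERT_WINDOW", P + "GET_TASKS", P + "PACKAGE_USAGE_STATS"},
}
CORE = {"send SMS", "intercept incoming SMS", "overlay / watch foreground app"}

def triage(manifest_xml):
    """Return (matched capabilities, high-priority SMS receivers, review flag)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    matched = sorted(c for c, perms in CAPABILITIES.items() if perms & requested)
    hooks = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            priority = int(flt.get(ANDROID + "priority", "0"))
            # Assumed heuristic: priority >= 999 means "wants SMS before other apps".
            if "android.provider.Telephony.SMS_RECEIVED" in actions and priority >= 999:
                hooks.append(receiver.get(ANDROID + "name"))
    # Review flag: SMS sending, SMS interception and overlay capability together.
    return matched, hooks, CORE <= set(matched)

def _manifest(perms, body=""):  # builds a constructed sample manifest
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application>{body}</application></manifest>')

SUSPICIOUS = _manifest(
    ["SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "SYSTEM_ALERT_WINDOW"],
    '<receiver android:name=".SmsHook"><intent-filter android:priority="2147483647">'
    '<action android:name="android.provider.Telephony.SMS_RECEIVED"/>'
    '</intent-filter></receiver>')
BENIGN = _manifest(["ACCESS_FINE_LOCATION"])

if __name__ == "__main__":
    for name, doc in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage(doc))
```

A raised flag only marks the app for manual review; legitimate messaging apps can request the same permissions.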

Android.ZBot in virus library:

Android.ZBot.1.origin
Android.ZBot.127
Android.ZBot.129
Android.ZBot.130
Android.ZBot.132
Android.ZBot.133
Android.ZBot.137
Android.ZBot.2.origin
Android.ZBot.3.origin

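Virus name classification

According to statistics, one in every five Android applications contains a vulnerability (in other words, a flaw) that allows attackers to successfully plant a mobile Trojan on the device and perform the actions they need.

The Security Auditor in Dr.Web for Android diagnoses and analyzes the security of a mobile device and suggests solutions when problems and vulnerabilities are found.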