A strain of the notorious bank account-hijacking Zeus Trojan has been found on Android smartphones, a discovery that could have devastating effects for Android's millions of customers.
Researchers at the security firm Fortinet found that cybercriminals are using a fake banking authentication app to spread a variant of Zeus (or Zbot), the infamous Trojan designed to steal one-time passwords sent by banks to authenticate mobile transactions.
The rogue banking application is made to look like part of Trusteer's Rapport software, which, in its legitimate form, confirms that users are securely logged in to their bank's online portal.
However, unbeknownst to new Android victims, "In the background, [Zeus] listens to all incoming SMS messages and forwards them to a remote Web server," Fortinet wrote.
From there, Zeus criminals can use the intercepted online banking credentials in any number of ways, including draining the victims' accounts.
Zeus' presence in the Android landscape is yet another damaging blow to Android users' safety.
Over the past few months, a crop of Android-specific malware has sprung up in the official Android App Market, including DroidDream, a Trojan that steals sensitive data from phones and is also capable of downloading malicious code to phones from remote servers.
With Android malware up 400 percent from last year, according to the IT company Juniper Networks, Android smartphone users may face a whole new set of problems if the Zeus Trojan continues to spread.