Fortinet (News - Alert) is reporting a brand new Zeus Trojan malware piece – likely aimed at intercepting confirmation Short Message Service (SMS) sent by banks to their customers – has been found on mobile phones.

Fortinet, a network security provider, explained that the Zeus network tricks its victims to get the phone number and phone model of its infected victims.

Based on that info, it sends an SMS with a link to the appropriate version of the malicious package. For example, it would send a Symbian (News - Alert) package for Symbian phones or a BlackBerry Jar for BlackBerry phones, etc., according to the report.

This malicious package is still under investigation, but it is believed to be aimed at defeating SMS-based, two-factor authentication that most banks implement to confirm transfers of funds initiated online by their end users, and that currently impede the plunging of infected users’ online accounts by Zeus masters.

The Zeus banking Trojan has traditionally targeted Windows-based computers, according to media reports. It either lures the victim to click on a malicious link in an e-mail or lures the victim to a Web site hosting the malware, so that the bank log-in credentials can be stolen, according to the media reports.

Mobile phone users should monitor their bank accounts and mobile SMS charges, the company said.

In addition, AMEinfo.com said that Axelle Apvrille, senior mobile antivirus analyst and researcher from Fortinet's FortiGuard Labs, provided details on how the attack operates:

1. The user's password and username are caught via Zeus Trojan on the PC.
2. Zeus Trojan gets the user's phone number by injecting a malicious form in the user's browser.
3. An SMS is sent, providing a link to a "certificate" required to be installed. This downloadable package contains Zitmo (the « mobile » part of Zeus Trojan).
4. Once the installation is done, the malware operation is completed.