A Zeus Trojan variant that steals SMS codes for two-factor authentication is targeting Polish online banking customers.
Several European banks have introduced two-factor authentication that uses a one-time pass code generated sent to mobile phones by text using SMS technology.
These SMS codes are known as mobile transaction authentication numbers (mTANs).
The extra level of authentication was aimed at reducing fraud carried out by criminals using Zeus or SpyEye Trojans, but a variant of Zeus is bypassing this protection.
The attacks use the same type of Zeus man-in-the-mobile (Mitmo) attack that took place in Spain last year, said F-Secure.
Spanish security company, S21sec was the first to report on the Zeus Mitmo.
The Zeus Mitmo steals mTANs and computers infected with a ZeuS Mitmo trojan will inject a "security notification" into the web banking process. This asks users to enter their mobile phone number.
If a phone number is provided, the user will receive an SMS link pointing to the mobile component, ZeusMitmo.A, which will steal mTANs sent by the bank.
The malware also prevents users from being notified of new messages, so cybercriminals can initiate transactions and confirm them with the stolen mTANs without raising suspicion.