Kaspersky Lab researchers have recently discovered apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks.
This will assist the Carberp Trojan installed on the users computer’s to empty the victims bank accounts.
The CitMo components were boxed as mobile applications from Russian Sberbank and Alfa-Bank, and popular social network VKontakte. When installed, the CitMo component would work quietly in the background.
The researchers discovered the backdoored apps last Wednesday, informed Google about them, and was removed from the market on Thursday.