Threat Descriptons



Category :


Type :


Platform :


Aliases :

Trojan:Android/Spitmo, Trojan:Android/Spitmo.A, Trojan:Android/Spitmo.B, Trojan:SymbOS/Spitmo.A


Trojan:Android/Spitmo variants steal SMS messages containing bank-generated authentication codes for validating online transactions.


Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Spitmo variants are components of a multi-stage, multi-malware, ' man-in-the-mobile' style attack. The first variant found in early 2011, Trojan:SymbOS/Spitmo.A, was on the Symbian platform; subsequent variants have migrated to the Android platform.

The first stage of the attack is performed by Trojan-Spy:W32/Spyeye, a Windows-based malware that uses phishing tactics during a compromised online banking session to steal a user's mobile phone number and the phone's International Mobile Equipment Identity (IMEI) number.

The stolen information is then passed on and used by Symbian-based Spitmo trojan to gain access to the m obile Transaction Authentication Numbers (mTANs) used by banks to authorize online monetary transfers.

A few months later, Trojan:Android/Spitmo.A was discovered; functionally, it is the Android equivalent of its Symbian counterpart, as it steals information from a compromised device and intercepts SMS messages containing mTANs. The Spitmo.B Android variant additionally posts the stolen mTANs on a remote site.

This malware is further discussed in the following Labs Weblog posts:


  • Trojan:Android/Spitmo.A
  • Trojan:Android/Spitmo.B
More Support


Ask questions in our Community .

User Guides

Check the user guide for instructions.

Contact Support

Chat with or call an expert.

Submit a Sample

Submit a file or URL for analysis.