Spitmo variants are components of a multi-stage, multi-malware, ' man-in-the-mobile' style attack. The first variant found in early 2011, Trojan:SymbOS/Spitmo.A, was on the Symbian platform; subsequent variants have migrated to the Android platform.
The first stage of the attack is performed by Trojan-Spy:W32/Spyeye, a Windows-based malware that uses phishing tactics during a compromised online banking session to steal a user's mobile phone number and the phone's International Mobile Equipment Identity (IMEI) number.
The stolen information is then passed on and used by Symbian-based Spitmo trojan to gain access to the m obile Transaction Authentication Numbers (mTANs) used by banks to authorize online monetary transfers.
A few months later, Trojan:Android/Spitmo.A was discovered; functionally, it is the Android equivalent of its Symbian counterpart, as it steals information from a compromised device and intercepts SMS messages containing mTANs. The Spitmo.B Android variant additionally posts the stolen mTANs on a remote site.
This malware is further discussed in the following Labs Weblog posts: