A new sample of Zitmo is out, pretending to be an Android Security Suite. Like others in Zitmo, the malware is a SMS spy: it forwards incoming SMS message to a remote server. This particular sample responds to a few basic SMS commands we have reversed. In the following video, we show one of these commands in action: a SMS whose body is “/” and followed by a phone number sets up a new phone number for the spy. Then, all future incoming SMS are also forwarded to that phone number.
The original article/video can be found at Controlling AndroidZitmo.E!tr.spy by SMS