A new version of the Zitmo is designed to steal mobile transaction authentication numbers (mTANs), and one-time passwords that some banks send via SMS messages to improve security layer.
The malware (Zeus in the mobile) looks like a legitimate banking security app called Rapport, made by web security firm Trusteer.
Once installed, the bogus app intercepts all incoming SMS messages and forwards them to a remote server.
It attacks a service provided by some European and African banks, so Australians are safe.
Mickey Boodaei, CEO of Trusteer, said Zitmo's masterminds leveraged his company's name to gain users' trust.
The program spread for four to five days during late May and early June, but the servers supporting the operation were taken offline more than a month ago.
The Zitmo variant for Android worked in conjunction with Zeus version 126.96.36.199, Boodaei said. Once a user's PC was infected with Zeus, the malware tried to trick them into downloading Zitmo on their smartphone.
The Zitmo family of malware has also previously targeted Symbian, BlackBerry and Windows Mobile phones and is the first malicious mobile app that worked in combination with a Windows.
“[Attackers] know that banks are employing two-factor authentication,” FortiGuard Labs senior security strategist Derek Manky said.
"This is evidence that attackers are going after and trying to defeat those additional security barriers.”
Attackers would likely develop more sophisticated banking trojans for the mobile platform, Boodaei predicted. “We will start seeing malware that actually tries to tamper with your transactions through your mobile phone instead of just getting SMS messages."