Security vendor F-Secure has come across a fresh variant on the Zeus Trojan that it said could be targeting mobile banking users.

According to a blog post from the firm, the hack seems designed to steal Mtans, which are one time mobile transaction numbers used by banks. The firm warned that the variant could be used to steal these Mtans from a Windows OS based phone using either a Symbian, .sis, or Blackberry, .jad, component  

F-Secure was following up on an earlier security announcement from another set of researchers.

"S21sec, a digital security services company, posted on their blog on Saturday [about the attack]," F-Secure noted.

"The ZeuS variants they've discovered (which we detect as Trojan-Spy:W32/Zbot.PUA and PUB) ask for mobile phone details and then send an SMS with a download link based on the answers given by the victim."

Infecting the user's mobile device in this way means the cyber criminals can intercept any one-time transaction numbers used to authenticate in online banking.

F-Secure said that it was difficult to get a handle on the attack, because the command and control channel used by the Trojan is no longer online.

"This attack is not a one-off by some hobbyist" it warned. "It's been developed by individuals with an excellent understanding of mobile applications and social engineer. We expect that they'll continue its development. [The game of] Cat-and-mouse continues."