{"id":11029,"date":"2011-09-14T10:40:20","date_gmt":"2011-09-14T17:40:20","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=11029"},"modified":"2025-06-05T07:53:14","modified_gmt":"2025-06-05T14:53:14","slug":"spitmo-vs-zitmo-banking-trojans-target-android","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/","title":{"rendered":"Spitmo vs Zitmo: Banking Trojans Target Android"},"content":{"rendered":"

SpyEye and Zeus are probably the most prevalent and active Trojan “banker” families seen in the wild. (Bankers steal bank passwords and other financial data.) At the beginning of the year there was a rumor about the “merger”\u00a0of both toolkits into a new generation of banking Trojan. It is not clear yet whether leaked Zeus source code has been included in the new version of SpyEye, but it is clear that both families are quite active, especially targeting Android, one of the most popular operating systems for mobiles.<\/p>\n

Three Interesting Characteristics<\/h2>\n

Despite serving the same purpose as the Zeus version for Android (known as Zitmo, for Zeus in the mobile),<\/a> SpyEye (dubbed Spitmo, for SpyEye in the mobile) has some interesting differences. Both work to defeat a second factor of authentication in an electronic transaction–in this case an mTAN (mobile transaction authentication number)–by forwarding all incoming SMS to a remote server after the username and password have been captured from the infected computer. But SpyEye offers three new interesting characteristics:<\/p>\n

1. SpyEye and Zeus use the same distribution method (a computer infected with SpyEye will suggest the user enter a URL in a mobile device to download the malicious Android app), but the user interaction is different. SpyEye does not look like a security tool, as ZeuS for Android does. SpyEye also does not run in the background as a service; it is not active until a predetermined number (325000) is dialed or an SMS is received:<\/p>\n

\"\"<\/a><\/p>\n

SpyEye might take this step to reduce the presence of the malware in the device. It will not have a user interface and will not appear in the Running tab of the Manage Applications window. Another difference is that instead of seeing the IMEI on the screen, the user (of the infected computer) is instructed to call a specific number to get a fake \u201cauthentication code\u201d that will always be the same (because it is hardcoded in the application):<\/p>\n

\"\"<\/a><\/p>\n

2. With SpyEye the intercepted messages can be transferred via SMS or HTTP. This configuration is stored in a file in the original app called Settings.xml:<\/p>\n

\"\"<\/a><\/p>\n

The malware will check if the value in \u201cSend\u201d is 1 (HTTP) or 2 (SMS). If it is 2, then it will forward the SMS to the number specified in the telephone tag:<\/p>\n

\"\"<\/a><\/p>\n

Sending an SMS to the attacker can affect victims because the forwarded SMS can generate additional expenses. Also, given that the configuration lies outside the malicious code, the delivery method can be different among the variants of the malware. Unlike Zeus, SpyEye carries its URLs for receiving the stolen information in one settings file. For this reason it is more flexible because the URLs can be changed among variants.<\/p>\n

3. The stolen SMS are sent without encryption to the attacker’s URL. Unlike Zeus for Android \u00a0(which uses a JSON object in a POST request to send the stolen information), SpyEye uses URLEncoder<\/a> to \u201cencode\u201d the data by converting some characters (except letters, numbers, and some special characters) into hexadecimal values preceded by \u201c%.\u201d Thus the data is basically being transmitted in clear text (so it can be easily intercepted by a sniffer on the Internet):<\/p>\n

\u00a0\"\"<\/a><\/p>\n

Zeus and SpyEye share the same objective–to obtain the mTANs sent in an SMS to perform electronic transactions that require this second factor of authentication. But the new version of SpyEye for Android adds interesting functions to slow down the analysis process, provide flexibility, and affect the user in different ways. These additions show that this kind of banking malware is in constant evolution. With the increasing popularity of Android and mobile banking, we expect to find more of this kind of malware in the wild. This malicious application is detected in VSE\/VSO as Android\/Spitmo and in VSM as Android\/Spitmo.B.<\/p>\n","protected":false},"excerpt":{"rendered":"

SpyEye and Zeus are probably the most prevalent and active Trojan “banker” families seen in the wild. (Bankers steal bank…<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,180,214],"coauthors":[1104],"class_list":["post-11029","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-malware","tag-mobile-security1"],"acf":[],"yoast_head":"\nSpitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog<\/title>\n<meta name=\"description\" content=\"SpyEye and Zeus are probably the most prevalent and active Trojan "banker" families seen in the wild. (Bankers steal bank passwords and other financial\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"SpyEye and Zeus are probably the most prevalent and active Trojan "banker" families seen in the wild. (Bankers steal bank passwords and other financial\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-09-14T17:40:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-05T14:53:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/manifest-recivers.png\" \/>\n\t<meta property=\"og:image:width\" content=\"632\" \/>\n\t<meta property=\"og:image:height\" content=\"226\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Carlos Castillo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@carlosacastillo\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlos Castillo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\"},\"author\":{\"name\":\"Carlos Castillo\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\"},\"headline\":\"Spitmo vs Zitmo: Banking Trojans Target Android\",\"datePublished\":\"2011-09-14T17:40:20+00:00\",\"dateModified\":\"2025-06-05T14:53:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\"},\"wordCount\":637,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png\",\"keywords\":[\"android\",\"malware\",\"mobile security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\",\"name\":\"Spitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png\",\"datePublished\":\"2011-09-14T17:40:20+00:00\",\"dateModified\":\"2025-06-05T14:53:14+00:00\",\"description\":\"SpyEye and Zeus are probably the most prevalent and active Trojan \\\"banker\\\" families seen in the wild. (Bankers steal bank passwords and other financial\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Spitmo vs Zitmo: Banking Trojans Target Android\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\",\"name\":\"Carlos Castillo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"caption\":\"Carlos Castillo\"},\"description\":\"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. He is the author of the McAfee-published white paper, \\\"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\\\" section of the book, \\\"Hacking Exposed 7: Network Security Secrets & Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/carlosacastillo\/\",\"https:\/\/x.com\/carlosacastillo\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog","description":"SpyEye and Zeus are probably the most prevalent and active Trojan \"banker\" families seen in the wild. (Bankers steal bank passwords and other financial","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Spitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog","og_description":"SpyEye and Zeus are probably the most prevalent and active Trojan \"banker\" families seen in the wild. (Bankers steal bank passwords and other financial","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2011-09-14T17:40:20+00:00","article_modified_time":"2025-06-05T14:53:14+00:00","og_image":[{"width":632,"height":226,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/manifest-recivers.png","type":"image\/png"}],"author":"Carlos Castillo","twitter_card":"summary_large_image","twitter_creator":"@carlosacastillo","twitter_site":"@McAfee","twitter_misc":{"Written by":"Carlos Castillo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/"},"author":{"name":"Carlos Castillo","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe"},"headline":"Spitmo vs Zitmo: Banking Trojans Target Android","datePublished":"2011-09-14T17:40:20+00:00","dateModified":"2025-06-05T14:53:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/"},"wordCount":637,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png","keywords":["android","malware","mobile security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/","name":"Spitmo vs Zitmo: Banking Trojans Target Android | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png","datePublished":"2011-09-14T17:40:20+00:00","dateModified":"2025-06-05T14:53:14+00:00","description":"SpyEye and Zeus are probably the most prevalent and active Trojan \"banker\" families seen in the wild. (Bankers steal bank passwords and other financial","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/manifest-recivers.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Spitmo vs Zitmo: Banking Trojans Target Android"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe","name":"Carlos Castillo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","caption":"Carlos Castillo"},"description":"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. He is the author of the McAfee-published white paper, \"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\" section of the book, \"Hacking Exposed 7: Network Security Secrets & Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.","sameAs":["https:\/\/www.linkedin.com\/in\/carlosacastillo\/","https:\/\/x.com\/carlosacastillo"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/462"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=11029"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11029\/revisions"}],"predecessor-version":[{"id":215147,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11029\/revisions\/215147"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=11029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=11029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=11029"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=11029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}