Computer security company Kaspersky Lab has said that cybercriminals are increasingly supplementing spy Trojans operating on users’ computers with mobile modules to circumvent security walls of banks.

In its malware report for July, the Moscow-based antivirus company said that it has detected a new version of the mobile spy Trojan ZitMo which is capable of stealing mTAN codes, one-time passwords used when performing a remote transaction and sent to the bank customer via SMS.

The company said it found the mobile version of the ZeuS Trojan running on Symbian, Windows Mobile and BlackBerry platforms and now it has added Android devices to its list.

If a user’s computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim’s bank account and can intercept the one-time transaction password sent by the bank to the user, said Kaspersky.

In such cases, even authentication using mTAN codes cannot prevent the victim’s money from being stolen from their bank account, warned the antivirus company.

It also reported that last month Google excluded more than 11 million URLs with .co.cc addresses from its search results. The ‘blocked’ domain zone is among the largest globally, ranking fourth after .com, .de and .net in terms of registered domain names. In most cases the domain’s URLs are used by cybercriminals to spread rogue antivirus programs or conduct drive-by attacks.

Kaspersky also said that its prediction that 2011 would be the year that cybercriminals target absolutely any kind of data has proved only too true.

In July, Brazilian phishers have started stealing the ‘miles’ accrued by frequent flyers and using them to buy tickets but also as a form of currency.