ZeuS Targets Mobile Users
As early as 2006, Trend Micro recognized that BlackBerry technology could be exploited by cybercriminals. The smartphone may have been spared from malware attacks over the years, but there has been recent news of a ZeuS variant specifically targeting BlackBerry users. As we said in a recent post, banking Trojans are evolving, and more sophisticated attacks involving smartphones are among the most recent developments.
The ZeuS malware specifically targeting the BlackBerry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that could alert users to the infection. Instead, it removes itself from the list of applications in order to stay under the radar.
Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message “App Installed OK” to the U.K. number +447{BLOCKED} as seen in the screenshot below.
BBOS_ZITMO.B also allows the attacker to remotely change the number to which it forwards SMS messages sent to the affected phone, also known as the administrator number. Thus, in the event that the original administrator number is tracked down and becomes unavailable, the attacker can just send a command to change the administrator number and continue receiving the forwarded messages.
Based on our analysis, BBOS_ZITMO.B is capable of carrying out the following commands:
- Display SMS: Unmonitored SMS will be treated as a normal SMS and will be displayed on the phone.
- Delete/Drop SMS: SMS from the hacker will not be seen by the user.
- Forward SMS: Send SMS to the hacker without the user’s knowledge.
- Block Calls
- Remove Block Calls
- Set Administrator: Register a new administrator.
- On/Off
- Add Sender
- Remove Sender
- Set Sender
- Block/Unblock Phone Numbers
Other smartphone OSs are not immune to this threat either. Variants targeting smartphones running Symbian (SYMBOS_ZBOT.B) and Windows Mobile (WINCE_ZBOT.B) have also been spotted with behaviors that are very similar to those exhibited by BBOS_ZITMO.B.
As mobile banking grows in popularity, so do mobile threats. Users are thus strongly advised to keep their mobile devices secure and to be cautious about installing applications and clicking links sent by unknown users, as these may lead to the download of malicious applications.
Post from: TrendLabs | Malware Blog – by Trend Micro