HWZBB

The only BlackBerry community you will want to be in Singapore. Singapore BlackBerry users, unite!


ZeuS Trojan Is Still Prevalent!

Back in March of 2011, there were news reports that the ZeuS trojan had made its way onto the BlackBerry platform by way of its mobile version, Zitmo. The Zitmo virus has been more prominent on Android devices, but it seems to have sprung up once again among BlackBerry users in Europe. However secure a device may be, this is not too surprising.

Zitmo variants have masqueraded as banking security applications or security add-ons. In the case of the new version targeting BlackBerrys, the app shows up on an infected phone as “Zertifikat”. When the victim runs the app, it displays a message in German telling the user that the installation was successful and showing an activation code for the app.

ZeuS is designed mainly to steal online banking credentials from users. The original versions of Zitmo did this by monitoring incoming SMS messages, picking off the ones that came from a bank, and sending those off to the command-and-control device controlled by the attacker.

That attack is designed to circumvent the out-of-band authentication systems used by some banks, in which the bank sends the user a one-time password via SMS. The more recent variants of Zitmo aren’t that picky. They just gobble up all of the incoming SMS messages and push them out to the C&C, according to an analysis of the new Zitmo variants by Denis Maslennikov, a researcher at Kaspersky Lab.

“As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry,” Maslennikov said. “The analysis of new Blackberry ZitMo files showed that there are no major changes. Virus writers finally fixed grammar mistake in the ‘App Instaled OK’ phrase, which is sent via SMS to C&C cell phone number when smartphone has been infected. Instead of ‘BLOCK ON’ or ‘BLOCK OFF’ commands (blocking or unblocking all incoming and outgoing calls) now there are ‘BLOCK’ and ‘UNBLOCK’ commands. Other commands which are received via SMS remain the same.”

RIM is aware of the malware threats, said Adrian Stone, Director of Security Response for BlackBerry. “When you look at our customer base, it’s not only enormous, but it’s also high-value. You start at the White House and work your way down. We start with the code and work our way up from there. The end-to-end security premise of BlackBerry is real. We always have to be vigilant. We look at things from everywhere,” Stone said.

Now, even though it’s currently targeted specifically at European countries, we could easily be affected. I know some banks are pushing for SMS as an alternative authentication method here in Singapore as well, so do be on your guard.

Nevertheless, always be sure what you’re downloading, even from within BlackBerry App World. We would hate to hear of any user becoming a victim of the Zitmo virus.

Via ThreatPost

Category: News!
