
    1:49 am (UTC-7)   |    by

    As early as 2006, Trend Micro recognized that BlackBerry technology could be exploited by cybercriminals. The smartphone may have been spared from malware attacks over the years, but there has been recent news of a ZeuS variant specifically targeting BlackBerry users. As we said in a recent post, banking Trojans are evolving, and more sophisticated attacks involving smartphones are among the most recent developments.

    The ZeuS malware specifically targeting the BlackBerry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that could alert users to the infection. Instead, it removes itself from the list of applications in order to stay under the radar.

    Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message, “App Installed OK,” to the U.K. number +447{BLOCKED}, as shown in the screenshot below.


    BBOS_ZITMO.B also allows the attacker to remotely change the number to which it forwards SMS sent to the affected phone, also known as the administrator number. Thus, in the event that the original administrator number is tracked down and becomes unavailable, the attacker can just send a command to change the administrator number and continue receiving forwarded messages.

    Based on our analysis, BBOS_ZITMO.B is capable of carrying out the following commands:

    • Display SMS: Unmonitored SMS messages are treated as normal SMS and displayed on the phone.
    • Delete/Drop SMS: SMS messages from the hacker are not seen by the user.
    • Forward SMS: SMS messages are sent to the hacker without the user’s knowledge.
    • Block Calls
    • Remove Block Calls
    • Set Administrator: Register a new administrator.
    • On/Off
    • Add Sender
    • Remove Sender
    • Set Sender
    • Block/Unblock Phone Numbers
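
As an added example (not Trend Micro's code), here is a behavior-based check for the install confirmation and SMS forwarding described above, run over an SMS log exported from a device or messaging gateway. The log format, phone numbers, timestamps, and the 60-second window are constructed assumptions, as is the premise that a forwarded copy contains the original message text.

```python
from datetime import datetime, timedelta

BEACON = "App Installed OK"      # confirmation text reported in the post
WINDOW = timedelta(seconds=60)   # assumed max delay between receipt and forward

# Constructed sample records: (timestamp, direction, peer number, body)
SAMPLE_LOG = [
    ("2010-10-01 09:00:05", "out", "+440000000001", "App Installed OK"),
    ("2010-10-01 09:15:00", "in",  "+15550100", "Your bank code is 482913"),
    ("2010-10-01 09:15:03", "out", "+440000000001", "Your bank code is 482913"),
    ("2010-10-01 09:20:00", "in",  "+15550111", "Lunch at noon?"),
    ("2010-10-01 09:21:10", "out", "+15550111", "Sure, see you then"),
    ("2010-10-02 11:00:00", "in",  "+15550100", "Your bank code is 771204"),
    ("2010-10-02 11:00:04", "out", "+440000000002", "Your bank code is 771204"),
]

def find_suspicious(log, window=WINDOW):
    """Return (kind, timestamp, destination) for each suspicious outbound SMS."""
    findings, recent_in = [], []
    for ts, direction, peer, body in log:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if direction == "in":
            recent_in.append((t, peer, body))
            continue
        if body.strip() == BEACON:
            findings.append(("install_beacon", ts, peer))
        # Only inbound messages received within the window can be forwards.
        recent_in = [r for r in recent_in if t - r[0] <= window]
        for _, sender, in_body in recent_in:
            # A copy of a just-received SMS sent to a third party is a forward.
            if in_body and in_body in body and peer != sender:
                findings.append(("forwarded_sms", ts, peer))
                break
    return findings

def forward_destinations(findings):
    """Distinct numbers receiving forwards; more than one suggests a changed administrator number."""
    return sorted({peer for kind, _, peer in findings if kind == "forwarded_sms"})
```

Because the check keys on behavior rather than a fixed destination, it still fires after the administrator number is changed, and `forward_destinations` surfaces each number that received copies.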

    Other smartphone OSs are not immune to this threat either. Variants targeting smartphones running Symbian (SYMBOS_ZBOT.B) and Windows Mobile (WINCE_ZBOT.B) have also been spotted with behaviors that are very similar to those exhibited by BBOS_ZITMO.B.

    As mobile banking grows in popularity, so do mobile threats. Users are therefore strongly advised to keep their mobile devices secure and to be cautious when installing applications and clicking links sent by unknown users, as these may lead to the download of malicious applications.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice