Mar4 |
1:49 am (UTC-7) | by
Patrick Estavillo (Threats Analyst) |
As early as 2006, Trend Micro already recognized the fact that the BlackBerry technology could be exploited by cybercriminals. The smartphone may have remained spared from malware attacks over the years although there have been recent news of a ZeuS variant specifically targeting BlackBerry users. As we have said in a recent post, banking Trojans are evolving and more sophisticated attacks involving smartphones are among the most recent developments.
The ZeuS malware specifically targeting the BlackBerry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that can prompt users about the infection. Instead, it removes itself from the list of applications in order to effectively stay under the radar.
Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message, “App Installed OK,” to the U.K. number +447{BLOCKED}, as shown in the screenshot below.
 |
BBOS_ZITMO.B also allows the attacker to remotely change the number to which it forwards SMS sent to the affected phone, also known as the administrator number. Thus, in the event that the original administrator number is tracked down and becomes unavailable, the attacker can just send a command to change the administrator number and continue receiving forwarded messages.
Based on our analysis, BBOS_ZITMO.B is capable of carrying out the following commands:
- Display SMS: Unmonitored SMS will be treated as a normal SMS and will be displayed on the phone.
- Delete/Drop SMS: SMS from hacker will not be seen by the user.
- Forward SMS: Send SMS to hacker without the user’s knowledge.
- Block Calls
- Remove Block Calls
- Set Administrator: Register a new administrator.
- On/Off
- Add Sender
- Remove Sender
- Set Sender
- Block/Unblock Phone Numbers
Other smartphone OSs are not immune to this threat either. Variants targeting smartphones running Symbian (SYMBOS_ZBOT.B) and Windows Mobile (WINCE_ZBOT.B) have also been spotted with behaviors that are very similar to those exhibited by BBOS_ZITMO.B.
With the increased popularity of mobile banking goes the increase of mobile threats. Thus, users are strongly advised to keep their mobile devices secure and be cautious when installing applications and clicking links sent by unknown users, as they may lead to the download of malicious applications.
Share this article |
 |
        |
Pingback: Blackberry mobile banking security threat, Blackberry trojan Zeus detected, | DWS Gadgets
Pingback: Trend Micro Asia Pacific News Library - Third-Generation QAKBOT: Repackaged with Improved Propagation
Pingback: Third-Generation QAKBOT: Repackaged with Improved Propagation | Simply Security
Pingback: BlackBerry Smartphones Targeted by Zeus Trojan
Pingback: ORSIS » Blog Archive » Zeus ataca a los equipos BlackBerry
Pingback: AppBB.co » Zeus: El primer troyano que burla la seguridad del Blackberry
Pingback: ZeuS infetta ora anche i BlackBerry [MegaLab.it]
Pingback: ZeuS Targets Mobile Users | Simply Security
Pingback: kifemachine.com // its just kife. » Beware: ZeuS Trojan Stealthily Targets your BlackBerry
Pingback: The ZeuS Trojan Targets your BlackBerry Smartphone » Nerdberry.net
Pingback: Beware: ZeuS Trojan Stealthily Targets your BlackBerry | 101 Best BlackBerry Apps
Pingback: Caution !!!! ZeuS Trojan Stealthily Targets your BlackBerry | For 9ja Blackberry® Peeps
Pingback: Trend Micro Asia Pacific News Library - ZeuS Targets Mobile Users