Zeus Malware Turns To Smite BlackBerry Users

Thomas Brewster,
Zeus malware - Shutterstock: © dpaint

Attackers start paying more attention to RIM’s devices

Mobile versions of the Zeus malware have been spotted targeting BlackBerry users in earnest, with four different samples discovered by security firm Kaspersky Labs.

Although this is not the first time BlackBerry owners have been targeted by Zeus, it is rare for them to be targeted by any threats at all, due to the quality of their security in comparison to other phones.

Given the declining popularity of the RIM devices, the findings were even more surprising, as hackers tend to go for the most used operating systems in mobile attacks, hence why Android is such a big target.

The first time Zeus was seen targeting RIM was back in 2010, TechWeekEurope was told by Kaspersky Lab expert Denis Maslennikov.

Doubling up

Fresh versions of ZitMo, or ZeuS-in-the-Mobile, were seen targeting BlackBerry and Android users across Europe, attempting to steal users’ banking data and their money, although the UK users appear to be free from harm.

ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.

“The analysis of new Blackberry ZitMo files showed that there are no major changes. Virus writers finally fixed grammar mistake in the ‘App Instaled [sic] OK’’ phrase, which is sent via SMS to C&C cell phone number when smartphone has been infected,” Maslennikov said in a blog post.

“Instead of ‘BLOCK ON’’ or ‘BLOCK OFF’’ commands (blocking or unblocking all incoming and outgoing calls) now there are ‘BLOCK’’ and ‘UNBLOCK’’ commands. Other commands which are received via SMS remain the same.”

Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.

Are you a security guru? Try our quiz!