New form of Zeus banking Trojan uncovered targeting BlackBerry devices
A new form of the infamous Zeus banking Trojan has been uncovered targeting BlackBerry devices, according to Kaspersky Lab.
The Kaspersky researchers reported finding several new samples of the Zitmo (Zeus in the mobile), one of which was targeting the BlackBerry platform, on Tuesday.
The Zitmo variant has reportedly been operating for at least two years targeting Android phones by masquerading as banking security application or security add-on.
Previously the BlackBerry ecosystem has not been a common target for attackers, despite its ties to several high-profile government and financial institutions.
This is largely due to BlackBerry devices running on RIM’s corporate servers with strong security, which includes a number of features like file encryption, password security and remote wipe powers.
The new Zeus variant shares its predecessor’s goal and is mainly designed to steal online banking credentials from users.
The new version targeting BlackBerry devices reportedly does this by forwarding incoming SMS messages to the command and control device operated by the criminals.
The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks, by hijacking the one-time password authentication password sent via SMS.
The Zeus variants discovery comes amid widespread reports from security vendors that mobile malware levels are booming.
There are 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally a ZitMo dropper file for Blackberry.
Here is a list of countries from which users are threatened by new ZeuS-in-the-Mobile with C&C number from the sample.
- Germany +46769436094
- Spain +46769436073
- Italy +46769436073
- Spain +46769436073
