Softpedia
 


August 7th, 2012, 14:06 GMT · By

Mobile Version of ZeuS Trojan Targets BlackBerry Users

Zertifikat app hides ZitMo
Four new variants of the ZeuS-in-the-Mobile malware, also known as ZitMo, have been found by security researchers. ZitMo is not new, but it's not often that a version designed to target BlackBerry users is identified.

There’s nothing really new in the way this malware is designed. However, the malware developers have fixed a few spelling mistakes in the message that notifies the mastermind of the successful installation on a device, experts from Kaspersky report.

“As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry,” Kaspersky Lab Expert Denis Maslennikov wrote.

Some minor changes were also made to the list of commands: BLOCK ON and BLOCK OFF have become BLOCK and UNBLOCK.

A new piece of ZeuS malware for Android devices has also been identified. It masquerades as an app called Zertifikat, which shouldn’t surprise anyone, considering that many ZitMo versions come as security apps or certificate updates.

Once it’s launched, the malicious application informs the user that the so-called certificate has been successfully installed. From this point on, the app works in the background, receiving commands via SMS and forwarding all incoming text messages to the command and control server.

Up until now, Android versions of ZitMo have been somewhat more primitive than the ones designed for other platforms, but this latest variant is similar to the “classic” samples discovered so far by researchers.

The samples target users in European countries such as Germany, Spain and Italy, and they all communicate with a command and control server located in Sweden.

Experts are not certain if this is a new wave of attacks, but certain clues - such as a certificate found in the Android version of ZitMo - suggest that it may be.

