Four new variants of the ZeuS-in-the-Mobile malware, also known as ZitMo, have been found by security researchers. ZitMo is not new, but it's not often that a version designed to target BlackBerry users is identified.
There’s nothing really new in the way this malicious element is designed. However, the malware developers have fixed a few spelling mistakes in the message that notifies the mastermind of the successful installation on a device, experts from Kaspersky report
“As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry,” Kaspersky Lab Expert Denis Maslennikov wrote.
Some minor changes were also made to the list of commands: BLOCK ON
and BLOCK OFF
have become BLOCK
A new piece of ZeuS malware for Android devices has also been identified. It masquerades itself as an app called Zertificat
, which shouldn’t surprise anyone, considering the fact that many ZitMo versions come as security apps or certificate updates.
Once it’s launched, the malicious application informs the user that the so-called certificate has been successfully installed. From this point on, the app works in the background, receiving commands via SMS and forwarding all incoming text messages to the command and control server.
Up until now, Android versions of ZitMo have been somewhat more primitive than the ones designed for other platforms, but this latest variant is similar to the “classic” samples discovered so far by researchers.
The malicious elements target users from European countries such as Germany, Spain and Italy, and they all communicate with a command and control server located in Sweden.
Experts are not certain if this is a new wave of attacks, but certain clues - such as a certificate found in the Android version of ZitMo - suggest that it may be.