Zeus banking malware found targeting BlackBerry devices

by Mark Tyson on 8 August 2012, 13:00

Tags: Kaspersky, Blackberry, RIM (TSE:RIM), PC


Zeus is a Trojan horse designed mainly to steal users' online banking details. It has been around for a couple of years, and its mobile variants are called Zitmo (Zeus in the mobile). Previously it mainly infected Android phones (no surprise), but Kaspersky Lab has noticed a new and surprising focus on BlackBerry phone users.

Zitmo masquerades as a banking security app or security add-on. In particular, it pretends to be an update to the security certificates on your mobile device. Kaspersky predicted that Zitmo would be targeted at specific mobile niches, and it now has examples of Zitmo aimed at BlackBerry users in Germany, Spain and Italy.

The Zitmo attack is “one of the most interesting threats in mobile space so far”. It circumvents mobile banking app security by simply forwarding the infected mobile's SMS messages to a command and control mobile owned by cyber criminals. Because it is common for some European banks to send one-time authentication passwords to users via SMS, the forwarded messages put those passwords in the criminals' hands.

An example BlackBerry mobile banking app; hopefully this one doesn't use SMS for passcode reminders.

BlackBerry devices have mostly been spared by malware writers and cyber criminals, so this new Zitmo Trojan has raised a few eyebrows. The BlackBerry system is well known for good security features and is held in high regard by big business and governments. With many such high-value customers, security is extremely important to BlackBerry parent company RIM. Adrian Stone of the BlackBerry Security Team was recently at the Black Hat conference in Las Vegas and said, “When you look at our customer base, it's not only enormous, but it's also high-value. You start at the White House and work your way down. We start with the code and work our way up from there. The end-to-end security premise of BlackBerry is real. We always have to be vigilant. We look at things from everywhere.”

I think the European banks concerned should change their system, avoiding the SMS authentication codes, even if it makes things less convenient. If you want to read more about the new Zitmo attacks on BlackBerry and also on Android, check out Securelist, the official Kaspersky blog.



HEXUS Forums :: 3 Comments

This is worrying for me as I use the RBS one on my berry.

Will have to look into this further.
Thanks deejay for your £5k contribution this month. Will be sure to enjoy it to the fullest.
Ever since BB refused to supply UK and USA (India & many others) governments passwords/codes to decrypt messages of customers, inc. business companies, BB has been struggling on every front inc. courts.

We all know why this is happening, BB or any company that is protecting customers' privacy will cease to exist, so we can expect BB to disappear or remain alive on such a small level as to not be a threat to governments when riots are organized, authorities prefer you do that kind of stuff via Twitter, Facebook etc.