The ZeuS malware specifically targeting the BlackBerry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that could alert users to the infection. Instead, it removes itself from the list of applications in order to stay under the radar.
Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message “App Installed OK” to the U.K. number +447{BLOCKED} as seen in the screenshot below.
BBOS_ZITMO.B also allows the attacker to remotely change the number to which it forwards SMS messages sent to the affected phone, also known as the administrator number. Thus, in the event that the original administrator number is tracked down and becomes unavailable, the attacker can just send a command to change the administrator number and continue receiving the forwarded messages.
Based on our analysis, BBOS_ZITMO.B is capable of carrying out the following commands:
- Display SMS: Unmonitored SMS will be treated as a normal SMS and will be displayed on the phone.
- Delete/Drop SMS: SMS from the hacker will not be seen by the user.
- Forward SMS: Sends SMS to the hacker without the user’s knowledge.
- Block Calls
- Remove Block Calls
- Set Administrator: Register a new administrator.
- On/Off
- Add Sender
- Remove Sender
- Set Sender
- Block/Unblock Phone Numbers
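
The install confirmation and the silent forwarding described above both leave traces in a device's SMS records. The following is an added detection example, not code from the original article or from Trend Micro; the log tuple format, device names, phone numbers and the 30-second window are constructed assumptions. It flags the "App Installed OK" message, outbound SMS that repeat a just-received message to a third party, and a change of forwarding target (consistent with the Set Administrator command).

```python
from collections import defaultdict

BEACON = "App Installed OK"  # confirmation text reported in the article
WINDOW = 30                  # seconds; assumed threshold for "forwarded right after receipt"

# Constructed sample records: (epoch_seconds, device, direction, peer_number, body)
SAMPLE_LOG = [
    (1000, "dev-A", "out", "+440000000001", "App Installed OK"),
    (1100, "dev-A", "in",  "+15550000010",  "Your bank code is 481516"),
    (1103, "dev-A", "out", "+440000000001", "Your bank code is 481516"),
    (1500, "dev-A", "in",  "+15550000010",  "Your bank code is 232342"),
    (1502, "dev-A", "out", "+440000000002", "Your bank code is 232342"),
    (1600, "dev-B", "in",  "+15550000011",  "Lunch at noon?"),
    (1900, "dev-B", "out", "+15550000011",  "Sure, see you then"),
]

def find_sms_forwarding(records, window=WINDOW):
    """Return {device: {"beacon": bool, "forward_targets": [numbers in order seen]}}."""
    findings = defaultdict(lambda: {"beacon": False, "forward_targets": []})
    recent_inbound = defaultdict(list)  # device -> [(ts, sender, body)]
    for ts, device, direction, peer, body in sorted(records):
        if direction == "in":
            recent_inbound[device].append((ts, peer, body))
            continue
        if body.strip() == BEACON:
            findings[device]["beacon"] = True
        # An outbound SMS that carries a just-received body to a third party
        # matches the silent "Forward SMS" behaviour.
        for in_ts, sender, in_body in recent_inbound[device]:
            if in_body and 0 <= ts - in_ts <= window and in_body in body and peer != sender:
                targets = findings[device]["forward_targets"]
                if peer not in targets:
                    targets.append(peer)
                break
    return {d: f for d, f in findings.items() if f["beacon"] or f["forward_targets"]}

def summarize(findings):
    lines = []
    for device, f in sorted(findings.items()):
        note = "install beacon seen; " if f["beacon"] else ""
        # More than one forwarding target suggests the administrator number was changed.
        changed = len(f["forward_targets"]) > 1
        lines.append(f"{device}: {note}forward targets={f['forward_targets']} admin_changed={changed}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(find_sms_forwarding(SAMPLE_LOG))))
```
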
As mobile banking grows in popularity, so do mobile threats. Users are therefore strongly advised to keep their mobile devices secure, and to be cautious when installing applications and clicking links sent by unknown users, as these may lead to the download of malicious applications.
[TrendMicro]