- BlackBerry Target Of New Wave Of ZitMo Trojan Attacks

    It is not very often that we hear any news concerning security threats regarding BlackBerry. So when new exploits or security breaches are found, it is worth taking note. In the latter half of last year, Kaspersky Lab's security research team published an article with information regarding the ZeuS-in-the-Mobile (ZitMo) Trojan and its ability to mislead users into sending banking information to malicious users.

    The ZitMo Trojan has actually been around for a couple of years now and has generally been elusive to those researching vulnerabilities on BlackBerry devices. ZitMo's sole purpose is to steal mobile users' mTAN codes (your bank's Transaction Authentication Number) and forward them to a malicious user. Banks often use these TAN codes as a way to authenticate users to their online banking services.

    The whole attack is finely orchestrated, using the already well-known PC-based ZeuS attack to gather the user's banking information and cell phone number. Kaspersky describes the attack in the following manner:

    1. Cyber criminals use the PC-based ZeuS to steal the data needed to access online banking accounts and client cell phone numbers.
    2. The victim’s mobile phone receives a text message with a request to install an updated security certificate, or some other necessary software. However, the link in the text message will actually lead to the mobile version of ZeuS.
    3. If the victim installs this software and infects the phone, the malicious user can then use the stolen personal data and attempt to make cash transactions from the compromised account, but still needs an mTAN code to authenticate the transaction.
    4. The bank sends out a text message with the mTAN code to the client’s mobile phone.
    5. ZitMo forwards the text message with the mTAN code to the malicious user’s phone.
    6. The malicious user is then able to use the mTAN code to authenticate the transaction.

    A fragment of the certificate .cod file and commands.

    Trojan installation process

    Researchers at Kaspersky Lab have found 4 new samples of ZitMo on BlackBerry devices that potentially point to a new wave of attacks.

    The samples include 3 .cod files and 1 .jar file with another .cod conveniently placed inside the .jar file. According to Kaspersky, the samples have all come from various European countries, including Spain, Poland, and Germany. The following is a list of countries provided by Kaspersky in which users need to be more aware of ZitMo:

    • Germany +46769436094
    • Spain +46769436073
    • Italy +46769436073
    • Spain +46769436073
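
One of the samples described above was a .jar with a .cod module placed inside it. The following is an added example, not code from the original article or from Kaspersky: it lists every .cod entry inside a JAR/ZIP download, following nested archives, and hashes each one for triage. The sample archive, its file names, and the size and depth limits are constructed assumptions.

```python
import hashlib
import io
import zipfile

MAX_ENTRY_BYTES = 16 * 1024 * 1024   # assumed limit: skip oversized entries (zip-bomb guard)
MAX_DEPTH = 3                        # assumed limit: how many nested archives to follow


def find_cod_entries(data, origin="upload", depth=0):
    """Return [(path, size, sha256)] for each .cod file inside a JAR/ZIP blob."""
    found = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            body = zf.read(info)
            path = f"{origin}!{info.filename}"
            lower = info.filename.lower()
            if lower.endswith(".cod"):
                # A BlackBerry module shipped inside a Java archive: record it for review.
                found.append((path, len(body), hashlib.sha256(body).hexdigest()))
            elif lower.endswith((".jar", ".zip")):
                # Follow archives nested inside the archive.
                found.extend(find_cod_entries(body, path, depth + 1))
    return found


def build_constructed_jar():
    """Constructed sample: a JAR holding a manifest, a class stub and one .cod file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Updater.class", b"\xca\xfe\xba\xbe")
        zf.writestr("cert_update.cod", b"CONSTRUCTED-COD-PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    for path, size, digest in find_cod_entries(build_constructed_jar(), "constructed.jar"):
        print(f"{path}  {size} bytes  sha256={digest}")
```
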

    Some Tips

    The best way to help safeguard against this revamped threat is to make sure you have a clean PC. Always make sure that you have the latest antivirus definitions on your computer, and be careful when downloading applications to your computer and mobile device. Only accept text messages from numbers that you are familiar with, or at least have the sender identify themselves. Last but not least, verify the source of your mobile download. Most vendors will have some sort of identification linked to the download. If you're unsure, contact them and make sure it's a legit download.
    This article was originally published in forum thread: BlackBerry Target Of New Wave Of ZitMo Trojan Attacks started by ice2921
