Blackberry phones are the current target for cybercriminals:Trend Micro

by CXOtoday Staff    Apr 11, 2011

ZeuS TrojanResearch In Motion’s BlackBerry OS has been virtually impossible to exploit, which has allowed it to become world renown for its security. However, Trend Micro (TYO:4704) researchers had announced in 2006, that the BlackBerry technology could be exploited by cybercriminals; and according to the content security company there is a new attack specifically targeting BlackBerry’s SMS feature. Interesting, the company points out that smartphone till date has been spared by the regular cyber attacks over the years although there have been regular news of malware attacks.

“With the growing diversity of operating systems among companies, as well as the growing use of mobile devices, cybercriminals should have a very profitable 2011. Their tactic will be to put a new spin on social engineering by way of malware campaigns, by bombarding recipients with emails that drop downloaders containing malware. All this will largely be made possible because of the Internet,” warns Amit Nath country manager, India and SAARC Trend Micro.

The researchers were alerted to the discovery of a ZeuS Trojan specifically targeting the Blackberry Users. Blackberry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that can prompt users about the infection. Instead, it removes itself from the list of applications. Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message “App Installed OK”.

After the confirmation message the Trojan can view, delete and forward SMS, block calls, change the administrator on the device and block phone numbers. It allows the hacker to change the telephone number the device sends all the data to in the event that it gets shut down. The aim of the Zeus Trojan on smartphones is to monitor users’ private information and in particular when they conduct mobile online banking.

Variants of the Zeus Trojan have been previously detected for the Symbian and Windows Mobile operating systems, exhibiting similar behavior. The aim of the Zeus Trojan on smartphones is to monitor users’ private information and in particular when they conduct mobile online banking. As smartphones gain popularity, users will face the same security threats faced by PC users.