Zeus malware adds new targets: BlackBerry devices

Added by on August 9, 2012

Researchers announced they have found a variant of Zeus malware that infects BlackBerry devices.

Security researchers announced on Thursday they ahve found a new variant of malware called Zeus, a ‘trojan horse’. The new variant is known as Zitmo – the mobile version of Zeus. Zeus and Zitmo are designed to steal banking credentials.

Many banks have implanted two-factor authentication where a user enters their user name and password, plus a security code that gets sent to a user’s mobile phone via SMS [also referred to as text messages] whenever attempting to login. Two factor authentication is thought to provide more security as compared to simply providing a user name and password because it combines something a user knows -– their password -– with something they have -– a mobile phone,” said a security expert.

“Zitmo captures the username and password and captures the SMS text that’s sent to the user. The information is then sent to cybercrimals who take over the victims’ bank accounts and transfer thousands of dollars out of victims’ bank accounts,” added the security expert.

The majority of attacks target Windows PCs, and Android devices. Estimates put the number of infected PCs in the US at 3.6m.

Experts say the BlackBerry platform has not been a common target for attackers because BlackBerry devices use features like file encryption, password security, and often have remote wipe capability.

The Zeus trojan was first identified in 2007 and became widespread in 2009. Millions of Windows PCs around the world are now said to be infected with the malware. Zeus primary spreads by email, with approximately 9m email messages sent to users between November 14 and 15, 2009. Another method of infection is via drive-by download, where a user’s PC or mobile device gets infected as a result of knowing or unknowingly downloading software that seems to be innocuous.

Zeus is difficult with up-to-date anti-virus software because the malware uses a number of advanced techniques to remain hidden.

In 2010 the US FBI arrested over 100 people in connection with bank fraud as a result of information stolen by Zeus. It is estimated the criminals managed to steal US$70m before being caught.