Researchers at Kaspersky Lab have shed light on new variants of Zeus that have struck both Android and BlackBerry mobile platforms.
While the Zeus trojan isn’t new, the attacks have changed, and ‘ZitMo’ is now built for attacking the BlackBerry platform, in addition to Android devices. From analysis, researchers have deduced that the bot is controlled from 2 different numbers tied to an operator, Tele2, located in Sweden. Once installed on a handset, the application gives full remote device control to an attacker via the cellular control channel, in the form of an SMS.
Zeus doesn’t pack much in terms of malicious capabilities, but eavesdropping on text messages is the name of the game here. The main purpose of ‘ZeuS-on-Mobile’ is to let an attacker remotely turn on forwarding of SMS or block the user from receiving calls.
The Android variant of Zeus masquerades as a certificate or security application. Once installed, the application starts listening to incoming messages from the control number and acts on requests. Installed as “Zertificate”, it doesn’t make any serious attempts at hiding itself. It’s not included with a game or an application that actually provides anything useful. It’s a simple command-driven bot. Kaspersky Lab has dissected the APK and found an included self-signed certificate with a validity date starting July 19th, indicating the application was likely built and deployed less than a month ago.
There haven’t been any new reports of devices being compromised in the wild; while the variants are newer, they are not more sophisticated. For a more in-depth look at “ZeuS-on-Mobile”, take a look at the Facts and Theories page.
Using good judgement, ensuring your applications come from a vetted location, and never installing anything you don’t trust, are generally safe practices that will help keep your mobile device free of malicious applications.