As early as 2006,
href="https://www.dqweek.com/trend-micro-introduces-trend-reward-program">Trend
Micro researchers predicted the fact that the BlackBerry technology
could be exploited by cybercriminals. Smartphones till date have been
spared by the regular cyber attacks over the years, although there
have been regular news of malware attacks on smartphones from
different parts of the world.
Research In Motion's
BlackBerry OS has been virtually impossible to exploit, which has
allowed it to become world renown for its security. However,
according to Trend Micro there is a new attack specifically targeting
BlackBerry's SMS feature.
Trend Micro researchers
were alerted to the discovery of a ZeuS Trojan specifically targeting
the BlackBerry users. Blackberry OS is currently detected by Trend
Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS
variant does not display any graphical user interface (GUI) that can
prompt users about the infection. Instead, it removes itself from the
list of applications. Upon successful installation, it sends a
confirmation message to the administrator to signal that it is ready
to receive commands. It specifically sends the message 'App Installed
OK' (please refer to the picture attached). After the confirmation
message the Trojan can view, delete and forward SMS, block calls,
change the administrator on the device and block phone numbers. It
allows the hacker to change the telephone number the device sends all
the data to in the event that it gets shut down. The aim of the Zeus
Trojan on smartphones is to monitor users' private information and in
particular when they conduct mobile online banking.
“As more users access
Internet from expanding pool of devices, web-based threats will
continue in size. The growth of smartphones and faster data speed
will also increase the possibilities of infection. As criminals
devise ways to make money out of exploiting mobile technologies,
mobile users will grow extremely vulnerable,” commented Amit Nath,
country manager-India and SAARC, Trend Micro. He further added,
“With the growing diversity of operating systems among companies,
as well as the growing use of mobile devices, cybercriminals should
have a very profitable 2011. Their tactic will be to put a new spin
on social engineering by way of malware campaigns, by bombarding
recipients with emails that drop downloaders containing malware. All
this will largely be made possible because of the Internet.”
According to Trend Micro
researchers, the ZeuS Trojan is capable of carrying out the following
commands:
* Display SMS: Unmonitored
SMS will be treated as a normal SMS and will be displayed
on the phone.
* Delete/drop SMS: SMS
from hacker will not be seen by the user
* Forward SMS: Send
SMS to hacker without the user's knowledge
* Block calls
* Remove block calls
* Set administrator:
Register a new administrator.
* On/off
* Add sender
* Remove sender
* Set sender
* Block/unblock phone
numbers
Variants of the Zeus
Trojan have been previously detected for the Symbian and Windows
Mobile operating systems, exhibiting similar behavior. The aim of the
Zeus Trojan on smartphones is to monitor users' private information
and in particular when they conduct mobile online banking. As
smartphones gain popularity, users will face the same security
threats faced by PC users.