Blackberry Phones are the current target for cyber criminals

As early as 2006, Trend Micro researchers predicted the fact that the BlackBerry technology could be exploited by Cybercriminals. Smartphone till date has been spared by the regular Cyber attacks over the Years although there have been regular news of Malware attacks on Smartphones from different parts of the World. Research In Motion's BlackBerry OS has been virtually impossible to exploit, which has allowed it to become world renown for its security. However, according to Trend Micro there is a new attack specifically targeting BlackBerry's SMS feature.

Trend Micro Researchers were alerted to the discovery of a ZeuS Trojan specifically targeting the Blackberry Users. Blackberry OS is currently detected by Trend Micro as BBOS_ZITMO.B. Just like its desktop counterpart, this ZeuS variant does not display any graphical user interface (GUI) that can prompt users about the infection. Instead, it removes itself from the list of applications. Upon successful installation, it sends a confirmation message to the administrator to signal that it is ready to receive commands. It specifically sends the message “App Installed OK”{please refer to the picture attached}. After the confirmation message the Trojan can view, delete and forward SMS, block calls, change the administrator on the device and block phone numbers. It allows the hacker to change the telephone number the device sends all the data to in the event that it gets shut down. The aim of the Zeus Trojan on smartphones is to monitor users' private information and in particular when they conduct mobile online banking.

“As more users access internet from expanding pool of devices, web based threats will continue in size. The Growth of Smartphones and faster data speeds will also increase the possibilities of infection. As criminals devise ways to make money out of exploiting mobile technologies, mobile users will grow extremely vulnerable”, commented Mr. Amit Nath Country Manager India and SAARC Trend Micro. He Further added “With the growing diversity of operating systems among companies, as well as the growing use of mobile devices, cybercriminals should have a very profitable 2011. Their tactic will be to put a new spin on social engineering by way of malware campaigns, by bombarding recipients with emails that drop downloaders containing malware. All this will largely be made possible because of the Internet”.

According to Trend Micro Researchers, the ZeuS Trojan is capable of carrying out the following commands: Display SMS: Unmonitored SMS will be treated as a normal SMS and will be displayed on the phone; Delete/Drop SMS: SMS from hacker will not be seen by the user; Forward SMS: Send SMS to hacker without the user's knowledge; Block Calls; Set Administrator: Register a new administrator; On/Off; Add Sender; Remove Sender; Set Sender; Block/Unblock Phone Numbers.

Variants of the Zeus Trojan have been previously detected for the Symbian and Windows Mobile operating systems, exhibiting similar behaviour. The aim of the Zeus Trojan on smartphones is to monitor users' private information and in particular when they conduct mobile online banking. As smartphones gain popularity, users will face the same security threats faced by PC users.