Zeus is a Trojan horse designed mainly to steal users' online banking details. The malware has been around for a couple of years, and its mobile variants are called Zitmo (Zeus in the mobile). Previously it mainly infected Android phones (no surprise), but Kaspersky Lab has noticed a new and surprising focus on BlackBerry phone users.
Zitmo masquerades as a banking security app or security add-on. In particular it pretends to be an update to security certificates for your mobile device. Kaspersky predicted that Zitmo would be targeted at specific mobile niches and now they have examples of Zitmo aimed at BlackBerry users in Germany, Spain and Italy.
The Zitmo attack is “one of the most interesting threats in mobile space so far”. It circumvents mobile banking app security by simply forwarding the infected mobile's SMS messages to a command-and-control mobile owned by cyber criminals. Some European banks commonly send one-time authentication passwords to users via SMS, so the forwarded messages hand those passwords to the criminals.
An example BlackBerry mobile banking app; hopefully this one doesn't use SMS for passcode reminders.
BlackBerry devices have been mostly spared by malware writers and cyber criminals, so this new Zitmo Trojan has raised a few eyebrows. The BlackBerry system is well known for good security features and is held in high regard by big business and governments. With many such high-value customers, security is extremely important to BlackBerry parent company RIM. Adrian Stone of the BlackBerry Security Team was recently at the Black Hat conference in Las Vegas and said “When you look at our customer base, it's not only enormous, but it's also high-value. You start at the White House and work your way down. We start with the code and work our way up from there. The end-to-end security premise of BlackBerry is real. We always have to be vigilant. We look at things from everywhere.”
I think the European banks concerned should change their system, avoiding the SMS authentication codes, even if it makes things less convenient. If you want to read more about the new Zitmo attacks on BlackBerry and also on Android, check out Securelist, the official Kaspersky blog.