clock menu more-arrow no yes mobile

Filed under:

Researchers discover five new samples of ZitMo malware for Android and BlackBerry

New, 41 comments

Kaspersky Lab researchers have identified five new samples of the ZitMo malware package, affecting BlackBerry and Android devices.

ZitMo malware screens
ZitMo malware screens

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices. Like the Zeus trojan for Windows, ZitMo targets users' online banking information — once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data.

While the new samples contain relatively few changes from previous versions, Kaspersky Lab speculates that they may herald a "new wave of ZitMo attacks." A self-issued certificate embedded in the Android version's APK file reads "Valid from: Thu July 19," suggesting that the sample is just a few weeks old.

Both versions of the trojan appear to be aimed at German-speaking users, with the Android package posing as a security certificate (or "Zertifikat") and include the ability to block calls as well as SMS messages. For more information, including background on the Symbian and Windows Mobile versions, check out Kaspersky Lab's in-depth ZitMo guide.