Back in March of 2011, the ZeuS-in-the-Mobile (ZitMo) malware package had made its way onto the BlackBerry platform in the way of its mobile version, called Zitmo. The Zitmo trojan has been more prominent with infiltrating Android devices, but it seemingly has sprung up once again to BlackBerry users in Europe recently.
Zitmo variants have masqueraded as banking security applications or security add-ons, targeting users’ banking information. The app shows up on an infected phone as “Zertifikat,” as shown in the screenshot above. When the victim runs the app, it displays a message in German telling the users that the installation was successful and shows an activation code for the app.
Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data.
Security researchers at Kaspersky Lab have discovered five new samples of the malware package, and it’s targeting Android and BlackBerry devices. While the new samples contain relatively few changes from previous versions, Kaspersky Lab speculates that they may herald a “new wave of ZitMo attacks.” A self-issued certificate embedded in the Android version’s APK file reads “Valid from: Thu July 19,” suggesting that the sample is just a few weeks old.