Thursday, 27 September 2012

New ZitMo for Android and Blackberry

Ten months ago we published an article about ZeuS-in-the-Mobile which contains an overview of everything we knew about ZitMo at that moment. The paper finishes with the following prediction: "they [attacks involving ZitMo] will become more specifically targeted against a smaller number of victims". This prediction appears to have been correct. It is not often that we hear of or find a new wave of ZeuS-in-the-Mobile (or SpyEye-in-the-Mobile) attacks. So every new piece of information about these types of malware and/or the attacks involving them is very important and helps us understand the evolution of one of the most interesting threats in the mobile space so far. Just a small reminder: ZeuS-in-the-Mobile is almost 2 years old. And this blog is about new samples (and probably a new wave of attacks) of ZitMo for Android and Blackberry.

New samples overview

We've got 5 new files of ZitMo: 4 for Blackberry and 1 for Android. As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we've got a ZitMo dropper file for Blackberry.

As for Android, there is only one .apk dropper. But this ZeuS-in-the-Mobile for Android has been modified and now looks like a "classic" ZitMo with the same commands and logic.

Countries and C&C numbers

All samples of ZitMo we've seen so far target users from various European countries (Spain, Poland, Germany, etc.). This case is no exception. Here is a list of the countries whose users are threatened by the new ZeuS-in-the-Mobile, with the C&C number from each sample.

Blackberry:

  • Germany +46769436094
  • Spain +46769436073
  • Italy +46769436073
  • Spain +46769436073

Android:

  • Germany +46769436094

To summarize, there are 3 countries (Germany, Spain and Italy) and 2 C&C numbers (both are Swedish). We found out that these cell phone numbers belong to the Tele2 mobile operator in Sweden.
