The Russian security firm has identified five new Zitmo samples: four for BlackBerry and one for Android.
“As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry. As for Android, there is only one .apk dropper. But this ZeuS-in-the-Mobile for Android has been modified and now looks like a ‘classic’ ZitMo with same commands and logic”, wrote Kaspersky Lab researcher Denis Maslennikov.
The new Zitmo malware is targeting users in European countries, including Spain, Poland, Italy, and Germany. Not surprisingly, the command and control server numbers are in those countries.
Maslennikov noted that the new Zitmo samples do not prove that this is a new wave of Zitmo attacks. But he noted that the Android sample includes a self-issued certificate that is dated from last month. This “suggests that at least the Android application was developed less than a month ago”, he opined.