BlackBerry targeted by second malware attack

28 August 2012

As if BlackBerry customers didn’t have enough to worry about with RIM teetering on the edge of market share irrelevance (holding at just over 1% in the US), hacking watchdog Websense ThreatSeeker Network has discovered a spam-based malware campaign targeting BlackBerry customers.

The perpetrators are looking to dupe unfortunate victims with a fake e-mail that has been mocked up using a template swiped from a legitimate RIM communique, so it looks safe on the surface. The mail tells the consumer that he or she has “successfully created a Blackberry ID” and then directs the reader to open an attached file for more information: “To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file,” it innocently reads.

The file, naturally, launches a virus that takes over the handset. Websense’s ThreatScope analysis reports that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.

Thanks to BlackBerry’s server-based enterprise configuration, which offers built-in virus detection and firewall functionality, the platform has not been the go-to target for cyberattackers despite the fact that the legacy customer base tends toward the business user and executive set – a fertile field for financially motivated maliciousness. But as workers increasingly opt to use personal smartphones for work, this bring-your-own-device (BYOD) trend is opening up security holes to get at the consumer side of BlackBerry and making such attacks more attractive to the malware community.

In fact, 83% of companies now allow employees to use their own mobile devices for work, according to the most recent data from Aberdeen Research. That’s a lot of phones not benefitting from the auspices of standard corporate security.

So perhaps unsurprisingly, this is the second BlackBerry-focused attack in one month. Earlier in August a mobile version of the Zeus malware, Zitmo (short for Zeus in the mobile), started making the rounds on the platform. It lures victims into running an app called Zertifikat, which is designed to steal online banking credentials by monitoring SMS messages. If a bank sends a person a text with a user name or password as part of the standard “forgot your password/ID” process, the app intercepts it and sends the information off to a remote server.
