The perpetrators are looking to dupe unfortunate victims with a fake e-mail that has been mocked up using a template swiped from a legitimate RIM communique, so it looks safe on the surface. The mail tells the consumer that he or she has “successfully created a Blackberry ID” and then directs the reader to open an attached file for more information: “To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file,” it innocently reads.
The file, naturally, launches a virus that takes over the handset. Websense’s ThreatScope analysis reports that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.
Thanks to Blackberry’s server-based enterprise configuration, which offers built-in virus detection and firewall functionality, the platform has not been the go-to target for cyberattackers despite the fact that the legacy customer base tends toward the business user and executive set – a fertile field for financially-motivated maliciousness. But as workers increasingly opt to use personal smartphones for work, this bring-your-own-device (BYOD) trend is opening up security holes that let attackers get at the consumer side of Blackberry, making such attacks more attractive to the malware community.
In fact, 83% of companies now allow employees to use their own mobile devices for work, according to the most recent data from Aberdeen Research. That’s a lot of phones not benefitting from the auspices of standard corporate security.
So perhaps unsurprisingly, this is the second Blackberry-focused attack in one month. Earlier in August a mobile version of the Zeus malware, Zitmo (short for Zeus in the mobile), started making the rounds on the platform. It lures victims into running an app called Zertifikat, which is designed to steal online banking credentials by monitoring SMS messages. If a bank sends a person a text with a user name or password as part of the standard “forgot your password/ID” process, the app intercepts it and sends the information off to a remote server.