Zeus Trojan Infects BlackBerry via SMS


BlackBerry is a mostly secure platform, but details were recently announced of a new Zeus Trojan that has migrated to the BlackBerry. To help keep you and your fellow BlackBerry users safe, we want to share the details of the trojan. According to Infosecland, “The malware allows remote access of infected Blackberry devices by the attacker, who can then change the SMS message default number, add a new device administrator, control blocked call lists, and even turn the device on and off. The Trojan also removes itself from the list of installed applications to avoid scanning and detection by antivirus software.”

CERT Polska reports that once the trojan is downloaded, you have a few removal options. The trojan is delivered as the file cert.jad. Once it is installed, you’ll find an application named sertificate, which is either sertificate.jar or sertificate.cod, under Options -> Applications. Delete this application and reboot your phone. If this is unsuccessful, or if you’d like a more thorough approach, you can do a full wipe of the device.

Stay safe out there and don’t install software via SMS unless you specifically requested it.

Sources: Infosecland and CERT

  • http://caspan.com Caspan

    Please remember this requires a user to be silly enough to install it. If you don’t know what links you are clicking on randomly this is bound to happen. The BlackBerry will do anything you tell it to do. Software is designed to be robust and be able to do anything, so if you install software that the purpose of it is to do this, well, you got exactly what you installed.

    If this could be installed without the user’s knowledge or needing to acknowledge trusted application status and then acknowledgement to using the internet … that is 3 barriers that you have to hurdle that require user intervention! Again, if the user is silly enough they could install remote management tools that would give you 100% access to the BlackBerry and to everything on it.

  • Anonymous

    Are these guys talking about the same Trojan here? How can it “hide itself from the list of applications” yet be removable under “Options->Applications”?