This spyware is flagged as noteworthy as it targets BlackBerry phone users.
To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.
It sends notification to a UK number upon successful installation. It also monitors incoming calls and SMS. It adds a database to the phone that may contain a list of users and administrators for the app. It has a stealth mechanism that prevents being seen as an installed app.
It may receive commands via SMS. Its objective is to steal user information by forwarding SMS messages to a set/predefined admin number.
It is a counterpart of SYMBOS_ZBOT.B and WINCE_ZBOT.B, which are malware for devices running on Symbian OS and Windows Mobile, respectively. It is also a counterpart of TSPY_ZBOT.HQ, a Windows OS malware.
This spyware arrives as a component bundled with malware/grayware packages.
File size: 12,496 bytes
File type: Other
Memory resident: No
Initial samples received date: 02 Mar 2011
Payload: Compromises system security, Steals user information
Arrival Details
This spyware arrives as a component bundled with malware/grayware packages.
Other Details
This spyware does the following:
- Performs the following actions:
- Add a database to the infected phone that may contain a list of users and administrators for the app
- Monitor incoming calls and SMS
- Operated in stealth mode to prevents being seen as an installed app
- Send notification to the UK number, +447{BLOCKED} on successful installation
- Receives the following commands via SMS:
- Add sender
- Block
- Rem (remove) sender
- Set admin
- Set sender
- Steals user information by forwarding SMS messages to a set/defined admin number
Connect with us on
| | | |