Zorenium bot said to be updated for iOS, capable of various attacks

The iOS operating system is well-known for its security, but if the alleged author of a new multipurpose bot known as Zorenium is telling the truth, a recent update may put Apple mobile devices at risk.

As per a March 18 update, Zorenium – which first popped up on the scene in January and allegedly also works on Windows and Linux machines – will now run on Apple mobile devices running iOS 5 through iOS 7, according to a full description of the bot posted to Pastebin.

Zorenium is still in beta, but its author claims it has many capabilities, including distributing banking trojans, carrying out distributed denial-of-service (DDoS) attacks, form grabbing, and Bitcoin mining, according to the post, which explains how the malware is well-protected against anti-virus and anti-malware solutions.

The bot is also said to feature fake shutdown modules, which trick victims into thinking they are shutting down their hardware. In reality, Zorenium is using fake shutdown images, dropping the device into standby, and delaying the fans to create the illusion the device is off.

The author is offering various packages of Zorenium, with costs ranging from about $570 to about $8,000, but some in the community are suggesting that Zorenium was never completed and the posting is a sham.

Beginning March 20, Israel-based cyber intelligence company SenseCy began releasing some preliminary research on Zorenium based on developer notes and certain discussions in Russian underground forums, but the company has not been able to carry out any hands-on analysis.

“We have yet to be able to acquire a sample of the bot and do not have any additional technical details over what is specified in the release notes of the malware's author,” Assaf Keren, CTO of SenseCy, said in a Tuesday email correspondence.

Whether Zorenium is fake or not, mobile devices, particularly those running the Android operating system, are increasingly becoming targets for attackers, and Keren said he expects that trend to continue.

“In my mind, both Android and iOS are being targeted and continue to be targeted and, [in my honest opinion], it is only a matter of time until somebody finds a [zero-day vulnerability] in Apple's iOS and uses it in order to create an iOS-based botnet,” Keren said.
