BlackBerry Ltd Legacy Phones Hit By ‘Inception’ Malware

Updated on

BlackBerry Ltd (NASDAQ:BBRY) (TSE:BB)’s legacy smartphones are being targeted by the Inception malware, which is the most sophisticated malware hitting the mobile devices and PCs of executives, diplomats and military professionals, says a report from CSO. According to BlueCoat Labs, a security vendor, this is the “most sophisticated” virus attack it has ever come across.

Malware targets all platforms, including BlackBerry

The name of the malware comes from the sci-fi thriller Inception, in which Leonardo DiCaprio played the lead. The malware is spreading through fake attachments to phishing emails and has different modules to strike Windows, iOS, Android and BlackBerry devices. The probable victims of this new type of malware could be executives from the oil, finance, and engineering markets, military officers, and embassy personnel and government officials, according to the report from BlueCoat researchers Snorre Fagerland and Wayne Grange.

Gates Cap Management Reduces Risk After Rare Down Year

Gates Capital Management's ECF Value Funds have a fantastic track record. The funds (full-name Excess Cash Flow Value Funds), which invest in an event-driven equity and credit strategy Read More

In BlackBerry’s phones, the malware is spreading through Java Applications Descriptor files to support OTA updates for Java-based apps. It is capable of collecting information such as unique device identifiers, carrier information and activity such as calls logs and contacts.

The BlackBerry malware was a Java descriptor, but the attackers have designed different malware for jail-broken iPhones and Android devices that prompts the user as a WhatsApp update installer package. This malware is using social engineering rather than entering devices through software loopholes.

No suspects as of now

To infect BlackBerry and other platforms, the Inception campaign was processed through Swedish cloud service to host its files and channel its command and control traffic with the help of WebDAV protocol, believes Blue Coat Labs. Those enterprises that want to weather the malware should look for unauthorized WebDAV traffic. On Wednesday, another security firm, Kaspersky, published its findings on the malware, but has termed it “Cloud Atlas.”

Some are suggesting it is a Russia-backed malware, but BlueCoat is not ruling out any possibility. According to BlueCoat, there are indications that it comes from China due to “Chinese components,” but it also suggests that it could have ties with South Korea, India, the Ukraine, Russia, the U.S. or the UK, or the Middle East.

Initially, the attacks targeted individuals in Russia and other Eastern European countries, but now cases have been reported by executives in the oil and energy industry in Romania, Venezuela, and Mozambique.

Subscribe to ValueWalk!

Get updates on the latest posts and more from ValueWalk straight to your inbox.