Zorenium Bot Coming to the iPhone Nearest to You

Written by Tanya Koyfman and Assaf Keren

Recently our analysts have been monitoring the advancement of a new threat in the commercial malware theater – the Zorenium Bot. Zorenium, a relatively new and unknown bot, has been for sale on the underground since January 2014. This bot will be getting new features in its March 18th update, including the ability to infect iOS devices (versions 5-7), alongside its existing capabilities to run on Linux- and Windows-based machines. The developers have also updated the rootkit to TDL4 (making it vulnerable to anti-TDSS tools).

[Image: capture of the recent release notifications]

Zorenium, a relative of Betabot, is a very robust bot which is still undetected by most AV companies. It has several key abilities, including DDoS, form grabbing, bot killing, banking Trojan functionality and Bitcoin mining. The cost of a basic Zorenium bot is 350 GBP, and with advanced features (including P2P C&C, i2p C&C and more) it can go up to over 5,000 GBP.

[Image: Zorenium payment plans]

According to the developers, it is still in beta mode and more features will be available in time.

[Image: Zorenium source screen capture]

13 thoughts on “Zorenium Bot Coming to the iPhone Nearest to You”

  1. Pingback: New Zorenium Bot Boasts Ability to Run on iOS | Threatpost | The first stop for security news

  2. Pingback: New Zorenium Bot Boasts Ability to Run on iOS « Cyber Security Aid

  3. Is this bot actually being sold on any forums? I’ve only been able to find pastebin posts about it and none of the samples I’ve found contain any of the features described. Is there any chance you could email me any further info? I’ve been tracking this bot since early November and have not found any evidence of it being real.

  4. According to posts I’ve seen on IRC, the samples found online contain such little and obfuscated code due to the fact that the developer is wanted by the police (non-cyber-related crimes) and has no time to sit down and do debugs on every small update/fix he/she does. The reason he states there are public samples online is because there has been no other place to debug/test, so he’s having to compile samples of the features he can allow to be public, and the rest (complete samples) go to trusted friends, who get in contact with him daily using UK-SMS… So according to him, the reasons the samples are so crappy and obfuscated is because of the above.
    He/she also states the fact that the “Zorenium bot” will not be sold across public forums, and is currently on the market on underground forums and places similar to “SilkRoad”. He/she also stated the fact that iOS 5-7 support is indeed working, due to an unlisted vulnerability in iOS. He/she states that the vulnerability is not needed on iOS which contains the jailbreak modules.

  5. And for the Linux platform, I’ve been told it supports x64/x86 platforms. Some features are still to be sorted for the Linux OS, but the binary files for Windows obviously WILL NOT work on those platforms; a cross-GNU compiler is required.

  6. Pingback: ste williams – ZOMBIE iPAD PERIL? Cyberbadness slinger touts tool for iOS

  7. Pingback: New variant of Zorenium Bot can infect iOS devices

  8. Pingback: ZOMBIE iPAD PERIL? Cyberbadness slinger touts tool for iOS | Gens News
