Zitmo refers to a version of the Zeus malware that specifically targets mobile devices. Previous Zitmos variants masqueraded as banking security applications or security add-ons to circumvent out-of-band authentication systems used by some financial institutions by intercepting one-time passwords sent via text message and forwarding it to a another cell number that acted as a command-and-control device.
Collaborating on research is important because the vulnerability doesn’t have to be within BlackBerry’s code to compromise the platform, Stone noted. For example, researchers exploited issues in the open source browser engine Webkit to hack a BlackBerry last year’s CanSecWest Pwn2Own contest. It’s about “protecting the ecosystem,” as one vulnerability identified in one platform can easily exist in another platform, Stone said.