The Italian Honey Project

In this post, we are going to talk about a better alternative planned by a ZeuS gang: infect the mobile device and sniff all the SMS messages that are being delivered. The scenario is now easier:

1. The attacker steals both the online username and password using a malware (ZeuS 2.x)

2. The attacker infects the user’s mobile device by forcing him to install a malicious application (he sends a SMS with a link to the malicious mobile application)

3. The attacker logs in with the stolen credentials using the user’s computer as a socks/proxy and performs a specific operation that needs SMS authentication

4. An SMS is sent to the user’s mobile device with the authentication code. The malicious software running in the device forwards the SMS to other terminal controlled by the attacker

5. The attacker fills in the authentication code and completes the operation.

via S21sec Security Blog: ZeuS Mitmo: Man-in-the-mobile (I).