ZeuS Mitmo: Man-in-the-mobile (II)

After explaining the scenario, we can share more details. Stealing the username or the password is relatively easy, and malware like ZeuS have been doing that for ages (injecting HTML or adding field using JavaScript work like a charm). But now, the trojan will also ask for new details: our mobile vendor, model, and phone number (the website will force you to fill in this information due to its new security measures).

Once the information has been filled in, an SMS will be sent to the mobile device with a link to download the new security certificate (which it's a malicious application).

It is important to emphasize that depending on your mobile vendor, the link will be pointing to a Symbian application (.sis) or a BlackBerry one (.jad). Why those vendors and for instance iPhone is not there? Any user can install any application in those vendors just by clicking 'ok' when asking for it in the device. iPhone only can install applications through the AppStore (unless they are jailbroken, but that's another story)

ZeuS Mitmo: Man-in-the-mobile (I)

ZeuS Mitmo: Man-in-the-mobile (II)

ZeuS Mitmo: Man-in-the-mobile (III)

David Barroso

S21sec e-crime