Man in the mobile

do blog S21sec:

"(...) many companies (not only financial institutions) are using SMS as a second authentication vector, so having both the online username and password is not enough in the identity theft process. There are some social engineering techniques in the wild that try to handle this issue by luring the user; the user thinks that is doing a specific operation, but in fact he is doing other forged one (man-in-the-browser, JabberZeus, etc.)

In this post, we are going to talk about a better alternative planned by a ZeuS gang: infect the mobile device and sniff all the SMS messages that are being delivered."

Os posts:
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-iii.html