MitMo (also known as “Man-in-the-Mobile”) is a cyber threat that targets mobile devices, intercepting and altering communications between a mobile device and the services the user interacts with. MitMo poses a significant threat to mobile security, combining elements from man-in-the-middle (MitM) attacks with mobile malware.

How a MitMo attack works:

MitMo attacks can take many forms and are constantly evolving. However, a common scenario is that a desktop component of the malware requests the victim’s phone number and sends an SMS link to their mobile device to download a “security application.” Users then click on the SMS link to install the fake application and enter an activation code provided by the malware. Once installed, the mobile malware captures all SMS traffic, including transaction authorization codes sent by the bank to the victim. It forwards them to the threat actors, enabling the hackers to initiate fraudulent transactions and intercept the security codes needed to authorize them. 
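As an added illustration (not code from the original article or from Zimperium), the script below applies a defender's triage heuristic to an Android manifest for the SMS-capture behaviour described above: an app that can receive SMS, registers a high-priority SMS_RECEIVED receiver, and has a channel to forward the messages. Both manifests are constructed samples and the scoring rule is an assumption, not a vendor detection.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # manifest attribute namespace
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
SMS_READ_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
FORWARD_PERMS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

def assess_manifest(manifest_xml: str) -> dict:
    """Flag the SMS-interception pattern: permission to see incoming SMS, an
    SMS_RECEIVED receiver (a high priority lets older Android versions hand the
    broadcast to this app before the user's messaging app), and a way to forward
    what was captured. The three-way AND is an assumed triage rule."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    max_priority = None
    for filt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in filt.iter("action")}
        if SMS_RECEIVED in actions:
            prio = int(filt.get(ANDROID + "priority", "0"))
            max_priority = prio if max_priority is None else max(max_priority, prio)
    findings = []
    if perms & SMS_READ_PERMS:
        findings.append("requests SMS read/receive permission")
    if max_priority is not None:
        findings.append(f"registers SMS_RECEIVED receiver (priority {max_priority})")
    if perms & FORWARD_PERMS:
        findings.append("can forward messages (INTERNET or SEND_SMS)")
    suspicious = len(findings) == 3  # all three parts of the pattern are present
    return {"suspicious": suspicious, "max_sms_priority": max_priority, "findings": findings}

# Constructed manifest in the shape of a fake "security application"; not a real sample.
FAKE_SECURITY_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securityapp">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Security Application">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest: network access only, no SMS permission or receiver.
BENIGN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("fake security app", FAKE_SECURITY_APP), ("notes app", BENIGN_APP)):
        print(name, assess_manifest(xml))
```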

Here’s how MitMo undermines mobile security:

  1. Intercepting Communication: MitMo attacks intercept communications between a mobile device and the networks and services it connects to, with the attacker positioned between the two to eavesdrop on the traffic.
  2. Identity Theft: Once an attacker has access to a device’s communication stream, they can capture sensitive data it transmits, such as usernames, passwords, authentication tokens, and other credentials. This data can later be misused for identity theft or unauthorized account access and further fraud.
  3. Transaction Manipulation: MitMo attacks can manipulate transactions, often combined with social engineering. For instance, when a user initiates a financial transaction online, an attacker could alter the transaction details, such as the recipient information, to divert the funds into accounts they control.
  4. Malicious Payloads: MitMo attacks frequently involve injecting malicious payloads onto the target device alongside the interception and alteration of its communication. These payloads, such as malware, spyware, or keyloggers, allow attackers to control the device remotely, steal information, or monitor the user’s activities.
  5. Phishing attacks: MitMo attacks often use phishing techniques to persuade users to divulge sensitive data voluntarily. Attackers may craft convincing fake login screens or webpages that mimic legitimate services, prompting unknowing people to enter their credentials.
  6. Advanced techniques: MitMo attacks constantly evolve, and attackers use sophisticated strategies to avoid detection and bypass security measures. Such methods could include SSL stripping, certificate spoofing, or DNS spoofing to manipulate communication channels further and make their attacks harder to detect.

MitMo attacks pose a critical threat, exploiting users’ trust in mobile devices and the services they access. Limiting this risk requires comprehensive security practices: using HTTPS for all connections, avoiding public Wi-Fi networks, keeping devices and apps up to date, being wary of suspicious or unverified sources (including applications delivered by SMS link), and being cautious when sharing personal data over networks that are not trusted.
