The Zeus Mitmo attack is likely just the beginning of a man-in-the-mobile attack, S21sec says. The Trojan had the ability to manipulate a mobile device’s address book and add an entry for a number that could be hard-coded or programmed into the device. Once fraudsters had control of the address book, they could send text messages without the user even knowing. The Active Service Pages or ASP.net framework, on which half of all online banking sites are based, is vulnerable.”]
Source: https://www.bankinfosecurity.com/zeus-strikes-mobile-banking-a-3005

