The attacker could pretend to be the service the user is trying to authenticate to, issue a bogus challenge signed with the user's public key. That will allow intercepting the user's interactions but by this time the attacker has control over the target system so why not just take what is inside rather than go to the effort of interacting with the user?