Algorithm Substitution Attack (ASA) can undermine the security of cryptographic primitives by subverting the original implementation. ASA succeeds when it extracts secrets without being detected.To launch an ASA on signature schemes, existing research works often have to collect signatures with successive indices to extract the signing key. However, collection with successive indices requires uninterrupted surveillance of the communication channel and low loss rate of transmission in practice. This hinders the current ASAs from being practically implemented, and making users misbelieve the threat incurred by ASA is only at the theoretical level and much far from reality. In this paper, we first classify a group of schemes called extractable signatures that achieve traditional security (unforgeability) by reductions ending with key extraction, showing that there is a generic and practical approach for ASA to this class of signatures. Then, we present the implementations of ASAs that only two signatures and no further requirements are needed for extraction of widely used discrete log based signatures like DSA, Schnorr and Modified ElGamal signature schemes. Our attack presents a realistic threat to current signature applications, which can even be implemented in open and unstable environment like a vehicular ad hoc network. Finally, we prove the proposed ASA is undetectable against polynomial time detectors and physical timing analysis.