VYPR
Research · May 11, 2026 · 1 source

TrickMo Android Banking Malware Adopts TON Blockchain for Stealth

The TrickMo Android banking malware has evolved to use the TON blockchain for stealthy command-and-control communications, targeting users across Europe.

A new variant of the TrickMo Android banking malware has been identified, featuring updated capabilities for covert command-and-control (C2) communications. The malware now utilizes The Open Network (TON) blockchain to hide its traffic, making detection more difficult for traditional security solutions.

The campaign is actively targeting users across Europe, employing new commands to facilitate unauthorized banking access and data theft [BleepingComputer]. The use of decentralized infrastructure like TON represents a significant evolution in the tactics used by mobile banking trojans to evade network-level monitoring.

Users are advised to avoid downloading applications from unofficial sources and to remain vigilant against suspicious requests for permissions on their Android devices. Security researchers continue to monitor the evolution of TrickMo and its integration with blockchain-based communication channels.

Synthesized by Vypr AI