
Updated TrickMo Android trojan emerges


An updated version of the TrickMo Android banking trojan, believed to have been developed by the TrickBot cybercrime operation, has gained more advanced anti-detection capabilities, The Hacker News reports.

Attacks use a fraudulent Google Chrome app that, once installed, prompts the user to update Google Play Services and ultimately downloads TrickMo under the name "Google Services" before requesting accessibility permissions, according to an analysis from Cleafy. TrickMo then abuses those elevated permissions to intercept SMS messages, conceal authentication codes, and steal credentials through HTML overlay attacks, Cleafy researchers said, noting that both the dropper app and TrickMo rely on malformed ZIP files and JSONPacker to evade detection. Further analysis revealed that TrickMo's command-and-control server was misconfigured in a way that exposed 12 GB of stolen device information, along with the phony bank and crypto login pages used in the overlay attacks, data that other threat actors could use for identity theft and online account takeover.

