A new variant of the Android banking trojan TrickMo [1] [2] [4] [5] [6], associated with the TrickBot e-crime gang [2] [4], has been identified by cybersecurity researchers [2] [4] [5]. This malware targets Android devices in Germany and employs advanced evasion techniques to avoid detection and analysis.
Description
TrickMo uses anti-analysis methods such as malformed ZIP files, JSONPacker [4] [5], and dropper apps disguised as legitimate applications such as Google Chrome [7]. By abusing Android Accessibility Services [3] [6], TrickMo gains control over infected devices [2] [7], which lets it capture banking credentials, steal OTPs and 2FA codes [2] [5], record screen activity [2] [4] [5], log keystrokes [1] [2] [3] [4] [5] [7], harvest photos and SMS messages [2] [4] [5], and perform further malicious actions. The trojan communicates with a command-and-control server to exfiltrate the stolen data [7], including credentials and personal photos [2] [7]; a recent data leak exposed 12 GB of victim information [7]. The new variant adds screen recording, keylogging [4] [6] [7], and remote control [6], allowing attackers to conduct on-device fraud directly on victims' devices [6].
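The "malformed ZIP" trick mentioned above works because an APK is a ZIP container with two descriptions of every file, the local file header and the central-directory entry, and many unpackers trust only one of them. The following is an added example written for this summary (not TrickMo code, and not taken from any of the cited sources): a small Python checker, using only the standard library, that cross-checks both header sets, verifies each payload's CRC, and reports disagreements. The sample archive and the tampering helper are constructed in memory for the demo; the assumption that an APK may only use the stored and deflate compression methods reflects what Android's APK parser accepts.

```python
"""Structural consistency check for ZIP/APK containers (added example)."""
import io
import struct
import zipfile
import zlib

EOCD_SIG = struct.pack("<I", 0x06054B50)  # end of central directory
CDH_SIG = struct.pack("<I", 0x02014B50)   # central directory file header
LFH_SIG = struct.pack("<I", 0x04034B50)   # local file header
KNOWN_METHODS = {0, 8}  # stored, deflate: the only methods Android's APK parser accepts


def zip_anomalies(data: bytes) -> list:
    """Return human-readable anomalies; an empty list means both header sets agree
    and every payload inflates to data matching its recorded CRC."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record"]
    _, _, _, _, entries, cd_size, cd_offset, comment_len = struct.unpack_from("<IHHHHIIH", data, eocd)
    if eocd + 22 + comment_len != len(data):
        findings.append("trailing bytes after end-of-central-directory record")
    if cd_offset + cd_size > eocd:
        findings.append("central directory overlaps or exceeds EOCD offset")
    seen_names, pos = set(), cd_offset
    for i in range(entries):
        if pos + 46 > len(data) or data[pos:pos + 4] != CDH_SIG:
            findings.append(f"entry {i}: missing or invalid central directory header")
            break
        (_, _, _, _, method, _, _, crc, csize, usize,
         nlen, xlen, clen, _, _, _, lfh_off) = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        pos += 46 + nlen + xlen + clen
        if name in seen_names:  # two entries with one path: tools may pick different copies
            findings.append(f"{name}: duplicate entry name in central directory")
        seen_names.add(name)
        if method not in KNOWN_METHODS:
            findings.append(f"{name}: unsupported compression method {method}")
        if lfh_off + 30 > len(data) or data[lfh_off:lfh_off + 4] != LFH_SIG:
            findings.append(f"{name}: local file header missing at offset {lfh_off}")
            continue
        (_, _, lflags, lmethod, _, _, lcrc, lcsize, lusize,
         lnlen, lxlen) = struct.unpack_from("<IHHHHHIIIHH", data, lfh_off)
        lname = data[lfh_off + 30:lfh_off + 30 + lnlen].decode("utf-8", "replace")
        if lname != name:
            findings.append(f"{name}: local header names the entry {lname!r}")
        if lmethod != method:
            findings.append(f"{name}: compression method differs between headers ({lmethod} vs {method})")
        # Flag bit 3 means sizes/CRC live in a trailing data descriptor, so skip that comparison.
        if not (lflags & 0x8) and (lcrc, lcsize, lusize) != (crc, csize, usize):
            findings.append(f"{name}: CRC/size differ between local and central headers")
        start = lfh_off + 30 + lnlen + lxlen
        payload = data[start:start + csize]
        if len(payload) < csize:
            findings.append(f"{name}: payload truncated")
            continue
        try:
            if method == 0:
                raw = payload
            elif method == 8:
                raw = zlib.decompress(payload, -15)  # raw deflate, no zlib wrapper
            else:
                raw = None
        except zlib.error:
            findings.append(f"{name}: payload does not inflate")
            continue
        if raw is not None and zlib.crc32(raw) != crc:
            findings.append(f"{name}: payload CRC does not match header")
    return findings


def build_apk_like(entries) -> bytes:
    """Constructed sample: a well-formed deflated archive from (name, body) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries:
            zf.writestr(name, body)
    return buf.getvalue()


def set_central_method(data: bytes, method: int) -> bytes:
    """Demo tampering: rewrite the compression method of the first central-directory
    entry only, so the two headers disagree (method field sits 10 bytes into the header)."""
    p = data.find(CDH_SIG)
    return data[:p + 10] + struct.pack("<H", method) + data[p + 12:]


# Constructed sample archive with APK-like entry names; bodies are placeholders.
SAMPLE = build_apk_like([("AndroidManifest.xml", b"<manifest/>"), ("classes.dex", b"dex\n035" + bytes(64))])

if __name__ == "__main__":
    cases = {
        "clean": SAMPLE,
        # first occurrence of the name is in the local header, the central copy stays intact
        "local header renamed": SAMPLE.replace(b"classes.dex", b"classes.dxx", 1),
        "bogus central method": set_central_method(SAMPLE, 99),
        "bytes appended": SAMPLE + b"\x00" * 16,
    }
    for label, blob in cases.items():
        print(f"{label}: {zip_anomalies(blob) or 'ok'}")
```

Run on a real APK, a non-empty result is a reason to treat the sample as hostile to tooling rather than to trust whichever view an unpacker happened to choose; the checker deliberately reads the raw structures instead of going through `zipfile`, because the point is to see the inconsistencies that library parsers silently resolve.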
Conclusion
The misuse of Android’s Accessibility Services by TrickMo poses a significant threat, putting victims at risk of financial fraud, identity theft [1] [2] [4] [5] [6], and extortion [6]. Mitigations should be implemented to prevent such attacks, and ongoing efforts to address security vulnerabilities related to sideloading apps are crucial to protect users from future threats.
References
[1] https://cybersecuritynews.com/trickmo-android-banking-malware-attack/
[2] https://vulners.com/thn/THN:81FE54BF4639365F64A4AF0245F5F753
[3] https://thecyberwire.com/podcasts/daily-podcast/2149/transcript
[4] https://bytewavelab.blogspot.com/2024/09/trickmo-android-trojan-exploits.html
[5] https://thehackernews.com/2024/09/trickmo-android-trojan-exploits.html
[6] https://securityonline.info/beware-the-new-trickmo-banking-trojan-enhanced-features-increased-danger/
[7] https://cybermaterial.com/new-banking-malware-targets-android-users/