Security specialists have discovered a new variant of the TrickMo banking Trojan, which has compromised approximately 13,000 Android devices.
Zimperium, building on earlier research by Cleafy, indicates that the malware spreads primarily through phishing schemes and social engineering tactics, often disguising itself as genuine banking or utility applications.
This updated version of TrickMo poses a significant threat as it can hide its code from detection and capture device unlock patterns or PINs. Additionally, it has the ability to intercept login information, one-time passwords, access private files, grant permissions, record screens, and even remotely control devices.
These features contribute to its potential for serious threats, including identity theft.
Experts note that while TrickMo continues to function as a typical Android banking Trojan, the data it gathers could enable attackers to exploit victims on multiple fronts. This malware is linked to the TrickBot group, a criminal syndicate believed to operate out of Russia.
Zimperium’s research highlights that over 13,000 IP addresses have been affected, with victims predominantly found in Canada, the UAE, Turkey, and Germany, demonstrating the extensive impact of this malware campaign.
An extensive international cybercrime network has been brought down after law enforcement seized 145 domains linked to BidenCash, a notorious online marketplace that thrived on trading stolen credit card data and compromised digital identities.
Hackers in the crypto world are changing course, moving away from exploiting smart contracts and turning their focus toward tricking users directly.
Coinbase is now facing mounting scrutiny after it allegedly sat on a serious data breach for over four months, exposing the personal information of nearly 70,000 users before taking action.
A major security lapse has rocked Taiwan-based crypto exchange BitoPro, which quietly suffered an $11.5 million hack earlier in May but failed to alert users for weeks.