New Banking Trojan Compromises 13,000 Android Users, Security Experts Warn

Security specialists have discovered a new variant of the TrickMo banking Trojan, which has compromised approximately 13,000 Android devices.

Zimperium, building on earlier research by Cleafy, indicates that the malware spreads primarily through phishing schemes and social engineering tactics, often disguising itself as genuine banking or utility applications.

This updated version of TrickMo poses a significant threat as it can hide its code from detection and capture device unlock patterns or PINs. Additionally, it has the ability to intercept login information, one-time passwords, access private files, grant permissions, record screens, and even remotely control devices.

These features contribute to its potential for serious threats, including identity theft.

READ MORE:

Indian National Sentenced for $20 Million Coinbase Scam

Experts note that while TrickMo continues to function as a typical Android banking Trojan, the data it gathers could enable attackers to exploit victims on multiple fronts. This malware is linked to the TrickBot group, a criminal syndicate believed to operate out of Russia.

Zimperium’s research highlights that over 13,000 IP addresses have been affected, with victims predominantly found in Canada, the UAE, Turkey, and Germany, demonstrating the extensive impact of this malware campaign.

Kosta Gushterov

Kosta has been working in the crypto industry for over 4 years. He strives to present different perspectives on a given topic and enjoys the sector for its transparency and dynamism. In his work, he focuses on balanced coverage of events and developments in the crypto space, providing information to his readers from a neutral perspective.