Security specialists have discovered a new variant of the TrickMo banking Trojan, which has compromised approximately 13,000 Android devices.
Zimperium, building on earlier research by Cleafy, indicates that the malware spreads primarily through phishing schemes and social engineering tactics, often disguising itself as genuine banking or utility applications.
This updated version of TrickMo poses a significant threat as it can hide its code from detection and capture device unlock patterns or PINs. Additionally, it has the ability to intercept login information, one-time passwords, access private files, grant permissions, record screens, and even remotely control devices.
These features contribute to its potential for serious threats, including identity theft.
Experts note that while TrickMo continues to function as a typical Android banking Trojan, the data it gathers could enable attackers to exploit victims on multiple fronts. This malware is linked to the TrickBot group, a criminal syndicate believed to operate out of Russia.
Zimperium’s research highlights that over 13,000 IP addresses have been affected, with victims predominantly found in Canada, the UAE, Turkey, and Germany, demonstrating the extensive impact of this malware campaign.
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.
CoinMarketCap, one of the most widely used crypto data tracking platforms, is reportedly facing a front-end security breach, with multiple users encountering a suspicious prompt to verify their wallets.