How TrickMo Android Banker Uses TON Blockchain for Stealthy Attacks on Users
Android users face a new threat. A dangerous malware called TrickMo has upgraded its tricks. It now uses the TON blockchain to hide its commands from security teams. This makes it harder to stop. The malware targets bank accounts and crypto wallets in Europe.
What is TrickMo Android Malware?
TrickMo is a type of banking trojan. It steals money from users’ phones. First found in 2019, it keeps getting updates. Bad actors make it stronger each time.
Recent checks show over 40 versions. They come from 16 different droppers. These connect to 22 control servers. The goal? Steal sensitive data from people worldwide.
The newest version, called TrickMo.C, started appearing in January. Experts track it closely. It hides as popular apps like TikTok or video streamers.
Targets: Banks and Crypto in Europe
This malware hits users in France, Italy, and Austria hardest. It goes after banking apps and cryptocurrency wallets. Once inside, it grabs login details, passwords, and more.
Why these countries? They have many mobile banking users. Crypto is popular too. Attackers want quick cash from stolen funds.
The Big New Trick: TON for Secret Comms
The standout feature is how it talks to its bosses. It uses The Open Network (TON). TON started with Telegram. It’s a peer-to-peer network for safe chats.
Instead of normal web addresses, TrickMo uses special .ADNL addresses. These are 256-bit IDs. They hide the real server IP and port. No one can easily find or block them.
The malware runs a small TON proxy on your phone. All traffic goes through this. From outside, it looks like normal TON app traffic. Encrypted and hard to spot.
- No DNS needed: Skips public domain systems.
- Hard to block: No fixed IPs to target.
- Blends in: Looks like legit TON use, like games or wallets.
This beats old takedown methods. Security firms can’t just seize domains. The network protects itself.
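The 256-bit ADNL IDs described above can be recovered from strings pulled out of a sample and checked for integrity before anyone acts on them. The following is an added example, not code from the article or from TrickMo: it validates and decodes the friendly .adnl address form (assumed here, from the open-source TON tooling, to be a 0x2d tag byte, the 32-byte id, and a CRC16-XMODEM, base32-encoded with the constant leading "f" dropped), so a defender can separate checksum-valid endpoints from look-alike noise and pivot on the node id across samples. The sample strings are constructed, not real indicators.

```python
import base64
import re
from typing import List, Optional, Tuple

# Assumed friendly ADNL format (not from the article): tag 0x2d + 32-byte id
# + big-endian CRC16-XMODEM over those 33 bytes, base32-encoded; the first
# character is always 'f' and is dropped, leaving 55 chars plus ".adnl".
ADNL_TAG = 0x2D
ADNL_RE = re.compile(r"\b([a-z2-7]{55})\.adnl\b")


def crc16_xmodem(data: bytes) -> int:
    """CRC16-XMODEM: polynomial 0x1021, initial value 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def encode_adnl(node_id: bytes) -> str:
    """Friendly form of a 32-byte ADNL id (used here only to build test data)."""
    if len(node_id) != 32:
        raise ValueError("ADNL id must be 32 bytes")
    payload = bytes([ADNL_TAG]) + node_id
    raw = payload + crc16_xmodem(payload).to_bytes(2, "big")
    return base64.b32encode(raw).decode().lower()[1:] + ".adnl"


def decode_adnl(addr: str) -> Optional[bytes]:
    """Return the 32-byte id behind an .adnl address, or None if shape/checksum fail."""
    match = ADNL_RE.fullmatch(addr.lower())
    if not match:
        return None
    raw = base64.b32decode(("f" + match.group(1)).upper())
    if raw[0] != ADNL_TAG or crc16_xmodem(raw[:33]) != int.from_bytes(raw[33:], "big"):
        return None
    return raw[1:33]


def find_adnl_endpoints(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split .adnl-looking strings into checksum-valid (address, id hex) pairs and rejects."""
    valid, rejected = [], []
    for host in ADNL_RE.findall(text):
        addr = host + ".adnl"
        node_id = decode_adnl(addr)
        if node_id:
            valid.append((addr, node_id.hex()))
        else:
            rejected.append(addr)
    return valid, rejected


# Constructed sample strings, as they might appear in a decompiled config (not real IoCs).
SAMPLE_ID = bytes(range(32))
GOOD = encode_adnl(SAMPLE_ID)
BAD = GOOD[:-6] + ("b" if GOOD[-6] == "a" else "a") + GOOD[-5:]  # one corrupted character
SAMPLE_STRINGS = f"primary={GOOD}\nbackup={BAD}\napi=https://example.com/v1\n"

if __name__ == "__main__":
    ok, bad = find_adnl_endpoints(SAMPLE_STRINGS)
    print("checksum-valid:", ok)
    print("rejected:", bad)
```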
How TrickMo Works: Two-Stage Attack
TrickMo is smart and modular. It has two parts:
- Host APK: The first file you install. It loads the app and stays hidden. Handles updates and persistence.
- Runtime APK: Downloads later. This does the dirty work like stealing data.
Key theft methods:
- Phishing overlays: Fake bank screens to trick logins.
- Keylogging: Records every tap.
- Screen recording and streaming: Watches your actions live.
- SMS grab and OTP block: Steals texts, hides codes.
- Clipboard change: Swaps your copied wallet addresses.
- Notification filter: Hides alerts.
- Screenshots: Captures important moments.
New Commands and Hidden Tools
The latest TrickMo.C adds fresh commands. These let attackers control devices better. They can run custom actions on demand.
It also ships the Pine hooking framework. This could intercept network calls or Firebase traffic. Right now it is switched off, but it is ready for future use.
NFC permissions are there too. It reports NFC info. No active use yet. Maybe coming soon for card taps.
Why TON Makes This Malware Tougher
TON is built for speed and privacy. It’s decentralized. No single point to shut down. Malware uses this to stay online.
Normal C2 servers get blocked fast. IPs get blocklisted and domains get seized. TON traffic? It mixes with millions of users. Firewalls see crypto chatter, not crime.
This trend is growing. Other malware families are eyeing blockchains for cover. TON’s ties to Telegram help it spread via chats.
Real Risks for Android Users
If infected:
- Lose bank money.
- Crypto wallets drained.
- Personal data sold on dark web.
- Device turned into bot for more attacks.
Europe sees rising mobile fraud. This fits the pattern. Attackers test here, then go global.
How to Protect Your Android Phone
Stay safe with simple steps:
- Download only from Google Play: Avoid sideloading APKs.
- Keep apps few: Fewer apps mean less risk.
- Check publishers: Stick to known names.
- Turn on Play Protect: Google’s built-in scanner.
- Update OS and apps: Patches fix holes.
- Use antivirus: Good ones spot trojans.
- Enable 2FA: Extra login step.
- Watch permissions: Deny camera or SMS access when an app has no clear reason to need it.
What’s Next for TrickMo and TON Threats?
TrickMo evolves fast. TON use shows malware adapts to blockchain. Expect more. Watch for fake TikTok apps or streamers.
Security teams work on TON detection. But it’s early. Users must stay alert.
Blockchain brings freedom. But criminals twist it. Balance innovation with caution.
Final Thoughts
The
Stay safe in the crypto world!