The stealthy return of the TrickMo malware on Android: a threat that now infiltrates via blockchain

Discover how the TrickMo malware is making a stealthy return on Android by exploiting the blockchain, a new threat that compromises mobile security.

The TrickMo malware, a particularly formidable banking virus on the Android platform, is making a strong comeback by now hiding on the blockchain. This innovative tactic allows it to evade cybersecurity researchers and authorities. Since its emergence in 2020, TrickMo has targeted millions of users of banking applications. With a new version, TrickMo.C, cybercriminals do not hesitate to employ sophisticated concealment techniques to deceive users and steal their personal information.

A recurring threat to Android users

TrickMo is not an unknown entity to cybersecurity experts. This *Trojan horse* has repeatedly targeted Android smartphones. Since 2020, it has evolved, appearing in various variants, about forty of which have caused significant damage. The classic modus operandi of TrickMo consists of overlaying fake login screens on banking applications, thereby allowing the theft of PIN codes and intercepting SMS messages containing one-time codes.

An alarming evolution: TrickMo.C

During the first months of 2026, researchers at ThreatFabric discovered a new version of TrickMo, referred to as TrickMo.C. This variant does not merely hide behind simple malicious applications; it disguises itself as popular applications like counterfeit versions of TikTok or video players. Distributed outside official app stores, these fake applications deceive users into granting them all necessary permissions, rendering their devices vulnerable.

Targeting cryptocurrency wallets

In addition to users of banking applications, TrickMo.C also targets those who hold cryptocurrency wallets. Cybercriminals seek to appropriate users’ private keys or recovery phrases, thus allowing them to access funds without consent. By employing sophisticated phishing techniques, TrickMo.C extends its reach beyond banking applications.

A proxy for fraudulent activities

TrickMo has the capability to transform an infected smartphone into a network proxy. This means that cybercriminals can route their malicious traffic through the victim’s internet connection. Using the user’s IP address, they cover their own tracks and can engage in criminal activities without detection.

Reinventing on the blockchain

Unlike previous versions that communicated with their creators via easily identifiable web servers, TrickMo.C marks a major change in operating method. The hackers write the malware’s instructions to a blockchain, making their detection and neutralization nearly impossible. Using the TON blockchain, developed by the creators of Telegram, they hide all the commands the malware needs to function, rendering it practically unassailable by authorities.

Challenges for cybersecurity

Cybersecurity researchers now face unprecedented challenges. The instructions inscribed in the blockchain cannot be deleted, hindering efforts to block networks used by TrickMo. Moreover, other hacker groups, including niche malicious actors like North Korean hackers, have already begun hiding malicious scripts in smart contracts on blockchains such as Ethereum. This marks the beginning of a new era where the fight against malware becomes more complex.

How to protect against TrickMo

In the face of this growing threat, it is imperative to take precautionary measures. Users should avoid installing applications from sources outside the Google Play Store and be wary of applications that request access to their device’s accessibility services without a valid explanation. Despite the innovations by hackers, these simple habits can greatly reduce the risk of malware infection.
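The two checks above can be combined into a device audit. The following is an added example, not taken from the article or from ThreatFabric: it parses saved output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and flags third-party apps that hold accessibility access without having been installed by Google Play. The sample data and the `com.example.*` package names are constructed, and the trusted-installer list is an assumption to adapt.

```python
# Added example (not from the article): flag sideloaded apps that hold accessibility access.
# Inputs are saved output of two adb commands run against a device you manage:
#   adb shell pm list packages -3 -i      (third-party packages with their installer)
#   adb shell settings get secure enabled_accessibility_services
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption: extend for a managed store


def parse_installers(pm_output):
    """Map package -> installer from lines like 'package:com.x  installer=com.y'."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = "null"
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers


def parse_accessibility(setting_value):
    """Package names from the colon-separated 'pkg/service' component list."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return sorted({c.split("/", 1)[0] for c in value.split(":") if c})


def flag_risky(pm_output, setting_value):
    """Third-party packages with an enabled accessibility service and an untrusted installer."""
    installers = parse_installers(pm_output)
    return [(pkg, installers[pkg]) for pkg in parse_accessibility(setting_value)
            if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS]


# Constructed sample output; the com.example.* package names are made up.
SAMPLE_PM = """\
package:com.example.videoplayer.hd  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.passwords/.AutofillService:"
               "com.example.videoplayer.hd/com.example.videoplayer.hd.CoreService")

if __name__ == "__main__":
    for pkg, installer in flag_risky(SAMPLE_PM, SAMPLE_A11Y):
        print(f"REVIEW: {pkg} has accessibility access, installer={installer}")
```

A flagged package is a prompt for manual review, not proof of infection; preinstalled system services are skipped because only third-party packages are listed.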

By staying vigilant and informed, users can better protect themselves against sophisticated threats like TrickMo and safeguard their sensitive information.