New Android Banking Trojan TrickMo Exploits Lock Screen

A new variant of the TrickMo Android banking trojan has been discovered to steal devices’ unlock patterns or PINs, allowing attackers to access sensitive information even when the device is locked. The malware was first spotted in 2019 and has since evolved with improved evasion mechanisms and additional features.

The new variants of TrickMo can display a fake unlock screen that mimics the actual lock screen, tricking users into entering their PIN or password. Once the user enters them, the stolen credentials are transmitted to an attacker-controlled server in an HTTP POST request, together with device identifiers and other sensitive data.

According to Zimperium security researcher Aazim Yaswant, these stolen credentials can be used for financial transactions, as well as to access corporate resources such as VPNs and internal websites. This highlights the importance of protecting mobile devices from cyberattacks.

TrickMo targets a wide range of victims, gathering data from applications across many categories, including banking, enterprise, job recruitment, e-commerce, social media, and more. The emergence of a new ErrorFather Android banking trojan campaign also shows that repurposed malware continues to be used for financial fraud, with financially motivated mobile attacks seeing a 29% jump during the specified period.

Countries most targeted by mobile attacks include India, the US, Canada, South Africa, the Netherlands, and others.
Source: https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html?m=1