ThreatFabric has identified a new TrickMo Android banking trojan variant that uses The Open Network (TON) for stealthy command-and-control communications. The malware is actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria while adding network pivoting features such as SSH tunnelling and SOCKS5 proxying.
Key points
- TrickMo now uses TON for command-and-control traffic.
- The new variant was observed targeting users in France, Italy, and Austria.
- It includes reconnaissance, SSH tunnelling, and SOCKS5 proxy features.
- Infected devices can be used as network pivots and traffic-exit nodes.
- The malware is distributed through phishing websites and dropper apps impersonating Google Play Services and TikTok-related apps.
Read More: https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html