TrickMo

The TrickBot malware is a banking Trojan, which targets Windows systems. This is among the most popular banking Trojans, which over the years has been able to obtain hundreds of thousands of dollars from the users they targeted. However, thanks to 2FA (Two-Factor Authentication) applied by many banking portals, the TrickBot malware has been stopped from victimizing countless other users. Interestingly enough, the operators of the TrickBot threat have developed a new hacking tool, which may enable them to bypass the 2FA. The name of this new threat is TrickMo.

The TrickMo malware appears to only target Android devices. So far, the TrickMo malware has only been spotted on devices located in Germany. It is likely that the creators of the TrickMo threat are still testing this new hacking tool and have opted to test it on German users before they expand the project.

Instead of targeting the login credentials, users fill in their banking applications, the TrickMo intercepts the victim's text messages. The TrickMo tool looks for specific messages that may be linked to 2FA authentication. The TrickMo malware is designed to target pushTAN codes, one-time passwords and pins, authentication codes, and mobile transaction authentications numbers. Apart from intercepting incoming text messages, the TrickMo threat is also able to collect data regarding the host's hardware and software, which is then transferred to the C&C (Command & Control) server of the attackers. The TrickMo malware is also able to uninstall itself from the infected host. Instead of using the HTTP protocol to trigger the self-destruction command, the TrickMo malware can be uninstalled via a specific text message crafted by its creators.

Since more and more people are dealing with online payments and bank transactions on the go, it is no surprise that cybercriminals are creating more and more mobile banking Trojans. If you want to protect your finances and your mobile device, it is important to download and install a legitimate, up-to-date antivirus utility that will not allow pests like the TrickMo malware anywhere near your system.