New variants of the Android banking trojan TrickMo have been discovered with previously undocumented features that allow them to steal a device’s unlock pattern or PIN, even when the device is locked.
In an analysis published last week, Zimperium security researcher Aazim Yaswant stated, “This new addition enables the threat actor to operate on the device even while it is locked.”
TrickMo, associated with the TrickBot cybercrime group, was first identified in 2019 and has the capability to remotely control infected devices, steal SMS-based one-time passwords (OTPs), and capture credentials by using Android’s accessibility services.
Recently, Cleafy, an Italian cybersecurity company, revealed updated versions of the malware with enhanced evasion techniques and additional permissions for carrying out unauthorized transactions on the device.
Some of the new variants of TrickMo are designed to deceive users by mimicking the device’s actual unlock screen with a fake User Interface hosted on an external website.
If users input their unlock pattern or PIN on the deceptive UI, the information is transmitted to an attacker-controlled server for malicious purposes.
Yaswant highlighted the importance of securing mobile devices to prevent cyberattacks that exploit stolen credentials, which can give attackers access to sensitive information including banking details, corporate credentials, and more.
The broad targeting of TrickMo across various categories of applications highlights the need for heightened security measures to protect against financial fraud and other cyber threats.
Additionally, there has been an increase in financially motivated mobile attacks involving banking malware, with India being the top target for such attacks.
The emergence of the ErrorFather Android banking trojan campaign underscores the ongoing threat posed by repurposed malware, emphasizing the importance of cybersecurity measures to safeguard against financial fraud and data theft.
Data from Zscaler ThreatLabz shows a significant rise in mobile attacks involving banking malware, indicating the need for proactive security measures to mitigate the risks associated with such threats.
Protecting mobile devices from cyber threats is crucial, especially as they continue to be targeted by cybercriminals looking to exploit vulnerabilities for financial gain and unauthorized access to sensitive information.
