This dangerous Android banking trojan steals your PINs and money with a fake lock screen
Sophisticated Android malware on the rise: TrickMo
Computer threats, much like the apps we use daily on our smartphones, keep changing. TrickMo, a banking trojan, is no exception. New strains of this malware have been released, some of which can capture your Android phone's PIN or unlock code.
TrickMo’s New Abilities
Cybersecurity firm Zimperium says it has found dozens of new variants of the TrickMo malware, which are associated with 16 sources of malware and use 22 different command-and-control centres to steal your data and money. Originally exposed by IBM's X-Force cybersecurity research group in 2020, TrickMo has since been improved further, as its more recent versions show. The new features include:
Single-use code interception (SUCI)
Screen recording
Data exfiltration
Automated actions, which require permissions to be granted
Overlay attacks and others, depending mainly on the type of virtualization
This section discusses how TrickMo compromises the PINs and unlock patterns of Android users.
As a banking trojan, TrickMo covers Android users' screens with fake login pages and waits for them to enter their usernames and passwords. This makes it possible for the hackers to wait until the device has been idle for some time before carrying out fraud on the device. To this end, TrickMo takes advantage of the Android operating system's accessibility services to gain more permissions and to imitate the unlock prompt you see on an Android phone when its screen is on. Once a PIN or unlock pattern has been collected, it is passed back to the hackers and your phone is unlocked remotely.
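Because this technique depends on an enabled accessibility service, one defensive check is to list which enabled services belong to apps that did not come from a trusted store. The script below is an added example, not code from this article or from Zimperium; it parses the output of two adb commands, and the package names, the sample output and the choice to trust only Google Play are assumptions made for illustration.

```python
# Inputs are the text output of two adb commands, run on a connected device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i -3     (third-party packages + installer)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play

def parse_services(raw):
    """Return (package, component) pairs from the colon-separated setting."""
    if raw.strip() in ("", "null"):
        return []
    comps = [c.strip() for c in raw.split(":")]
    return [(c.split("/", 1)[0], c) for c in comps if "/" in c]

def parse_installers(raw):
    """Map each third-party package to its installer (None if not recorded)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_services(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """List enabled services whose app did not come from a trusted installer."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, comp in parse_services(services_raw):
        if pkg not in installers:
            continue  # preinstalled package: absent from the -3 listing
        if installers[pkg] not in trusted:
            findings.append((comp, installers[pkg] or "unknown"))
    return findings

# Constructed sample output; every package name below is made up.
SAMPLE_SERVICES = ("com.example.screenreader/.ReaderService:"
                   "com.example.pwmanager/.FillService:"
                   "com.example.updater/com.example.updater.HelperService")
SAMPLE_PACKAGES = """\
package:com.example.pwmanager  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for comp, source in flag_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {comp} (installer: {source})")
```

A flagged service is a prompt for manual review, since legitimate sideloaded apps can also hold accessibility access.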
TrickMo malware: what you need to do to avoid getting infected
New versions of TrickMo are currently delivered through phishing campaigns. It is therefore wise to be cautious when reading new emails and when downloading new applications to your phone.
Google Play Protect, which comes pre-installed on most Android phones, is able to identify and block known variants of TrickMo, but it’s recommended to use an antivirus app for extra protection. It’s essential to stay vigilant online and carefully review emails, messages, and new apps.