TRICKMO BANKER MALWARE NOW USES TON BLOCKCHAIN

TrickMo, a known Android banking trojan, has evolved to incorporate TON blockchain technology for its C2 infrastructure. This shift represents an escalation in evasion tactics, as blockchain-based communications are harder to intercept and block through traditional security measures. The updated variant introduces new commands alongside its existing banking credential theft capabilities. Security researchers tracking the malware note that European users remain primary targets, with distribution occurring through established infection chains. The adoption of TON for covert communications reflects a broader trend among malware operators seeking resilience against network-level defenses. Unlike centralized C2 servers, blockchain-based infrastructure distributes command delivery across a decentralized network, complicating takedown efforts. Security firms recommend users in affected regions exercise caution with app installations and enable banking app protections. Organizations should monitor for TrickMo indicators and consider TON blockchain communication patterns as part of threat detection strategies.