The TrickMo Android banker malware has adopted the TON blockchain for covert communications, showing how mobile banking trojans continue evolving to avoid detection and takedowns.

Researchers discovered that newer TrickMo variants now abuse blockchain infrastructure to hide command-and-control information and strengthen malware resilience. Security experts warned that decentralized technologies increasingly attract cybercriminal groups looking for more durable communication systems.

TrickMo Began Using TON Blockchain Infrastructure

Researchers found that the TrickMo Android banker integrated support for the TON blockchain, also known as The Open Network, to manage covert communications between infected devices and attacker-controlled infrastructure.

Instead of relying only on traditional command-and-control servers, the malware reportedly stores encrypted configuration data inside blockchain transactions.

Infected Android devices can retrieve the information directly through the TON network. Researchers explained that this method makes disruption more difficult because blockchain records remain distributed across decentralized infrastructure.

The updated TrickMo variants also reportedly use stronger obfuscation techniques designed to complicate malware analysis and security detection.

TrickMo Continues Targeting Banking Users

The TrickMo Android banker has operated for years as a banking malware threat targeting Android users through phishing attacks and malicious applications.

Researchers said the malware typically spreads through fake apps, smishing campaigns, and social engineering attacks designed to trick victims into installing infected Android packages.

Once installed, the malware can reportedly:

  • Steal banking credentials
  • Capture SMS authentication codes
  • Abuse accessibility permissions
  • Perform overlay attacks
  • Monitor device activity
  • Remotely control infected devices

Researchers warned that TrickMo increasingly targets multi-factor authentication systems used by financial institutions.

The blockchain-based communication model now gives operators additional flexibility when infrastructure disruptions occur.

Blockchain Communications Improve Malware Resilience

The TrickMo Android banker campaign highlights how cybercriminals increasingly abuse blockchain technologies outside cryptocurrency-related attacks.

Researchers explained that decentralized infrastructure creates several advantages for malware operators. Blockchain-based communications reduce dependence on centralized servers and make infrastructure tracking harder for investigators.

The TON blockchain attracted attention because of its distributed structure, fast transactions, and growing ecosystem tied to Telegram-related technologies.

Security experts warned that storing malware infrastructure data on blockchain networks creates long-term challenges because blockchain entries remain publicly accessible and difficult to remove permanently.

The campaign also demonstrates how quickly threat actors adapt to law enforcement operations and defensive security measures.

Android Banking Malware Keeps Evolving

The TrickMo Android banker remains part of a broader trend involving increasingly advanced Android banking malware operations.

Researchers noted that modern mobile banking trojans now combine credential theft, accessibility abuse, remote access functionality, and advanced evasion techniques.

Cybercriminal groups regularly rotate infrastructure, encrypt communications, and deploy anti-analysis protections to avoid detection.

Security experts advised Android users to avoid installing applications from unofficial sources and warned against granting accessibility permissions to unknown apps.

Organizations and financial institutions were also encouraged to strengthen fraud detection systems and mobile threat monitoring capabilities.
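As an added example of the monitoring advice above (not code from the researchers or the original article), this Python sketch cross-checks the output of three standard `adb shell` commands to list apps that hold an enabled accessibility service but were neither preinstalled nor installed by a trusted store. The trusted-installer set and all sample package names are assumptions constructed for illustration.

```python
import re

# Installer packages treated as trusted app stores (assumption; set per fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

def accessibility_packages(settings_out):
    """Packages owning an enabled accessibility service, from the output of
    `adb shell settings get secure enabled_accessibility_services`."""
    raw = settings_out.strip()
    if raw in ("", "null"):          # "null" means no service is enabled
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def installers(pm_i_out):
    """Map package -> installer (None if unset) from `adb shell pm list packages -i`."""
    found = {}
    for line in pm_i_out.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def system_packages(pm_s_out):
    """Preinstalled package names from `adb shell pm list packages -s`."""
    lines = (l.strip() for l in pm_s_out.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def flag_sideloaded_accessibility(settings_out, pm_i_out, pm_s_out):
    """Sorted (package, installer) pairs that hold an accessibility service,
    are not preinstalled, and were not installed by a trusted store."""
    inst, system = installers(pm_i_out), system_packages(pm_s_out)
    return [(pkg, inst.get(pkg))
            for pkg in sorted(accessibility_packages(settings_out))
            if pkg not in system and inst.get(pkg) not in TRUSTED_INSTALLERS]

# Constructed sample output; the com.example.* package names are made up.
SETTINGS = ("com.google.android.marvin.talkback/.TalkBackService:"
            "com.example.pdfviewer/com.example.pdfviewer.HelperService:"
            "com.example.passwordmgr/.FillService")
PM_I = ("package:com.google.android.marvin.talkback  installer=null\n"
        "package:com.example.pdfviewer  installer=null\n"
        "package:com.example.passwordmgr  installer=com.android.vending\n")
PM_S = "package:com.google.android.marvin.talkback\npackage:com.android.settings\n"

if __name__ == "__main__":
    for pkg, source in flag_sideloaded_accessibility(SETTINGS, PM_I, PM_S):
        print(f"REVIEW {pkg}: accessibility service enabled, installer={source}")
```

A flagged package is a candidate for review, not a verdict: legitimate sideloaded tools can also hold accessibility services.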

Conclusion

The TrickMo Android banker campaign shows how mobile malware operators continue evolving through decentralized technologies like the TON blockchain. Researchers discovered that the malware now uses blockchain-based communications to improve resilience and complicate disruption efforts.

The shift also highlights a growing cybersecurity challenge as threat actors increasingly abuse distributed technologies to strengthen malware infrastructure and evade traditional defenses.

