
TrickMo malware seeks to steal your bank account access code

Researchers at Zimperium found that TrickMo, a banking Trojan, is making a comeback on Android smartphones. During their investigation, the experts even discovered forty new variants of the malware circulating on the web.

For the record, TrickMo first appeared in 2020. Discovered by researchers at IBM, the virus had been built to bypass the two-factor authentication of several banks: TrickMo could notably intercept the one-time access codes that banking applications send by SMS. Unsurprisingly, the hackers behind the malware were looking to drain their targets’ accounts.


A hackneyed technique for stealing your codes

Back on the scene, the malware mainly seeks to get hold of your bank’s access code: the PIN that lets users sign in to their bank’s mobile application without entering their card or account number. To achieve this, recent iterations of TrickMo come with a new arsenal of features. Confirming the findings of researchers at Cleafy, Zimperium states that the malware can record what is displayed on the screen and take control of the phone remotely.

Furthermore, TrickMo abuses the Android accessibility service, which is intended to help people with visual, hearing or motor impairments use their phone. By exploiting this service, the virus grants itself additional permissions without requiring any action from the victim: it can click through the permission prompts on its own. Like the initial version that caused a stir in 2020, the 2024 editions of TrickMo intercept all codes sent by SMS. Finally, it can exfiltrate a mountain of personal data from your smartphone without your knowledge.

To steal PIN codes, TrickMo overlays a fake login screen on top of your banking application’s real one. The target, believing they are signing in to their bank, enters their access code without realizing they have fallen into the cybercriminals’ net. The malware automatically records the code, which opens the door to your account.

“The deceptive UI is an HTML page hosted on an external website and is displayed in full-screen mode on the device, making it look like a legitimate screen,” Zimperium specifies.

In the same way, the hackers also capture your device’s unlock code. The virus can then unlock the phone in the middle of the night, log in to your account and launch fraudulent operations. This is one of the virus’s new features:

“This new addition allows the attacker to operate the device even when it is locked.”
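As an added illustration (not code from the article or from Zimperium’s report), the following Android snippet shows the mitigations a banking app can apply against exactly the behaviour described above: it lists the accessibility services currently enabled so the app can warn when an unfamiliar one is active, rejects touches delivered to the PIN field while another window is drawn over it, and marks the PIN screen as secure so its contents cannot be captured by screen recording. The class and method names are hypothetical; the Android APIs used are the platform’s own.

```java
// Added example, not from the article or Zimperium. Defensive checks a banking app
// can run around its PIN entry screen. Class/method names are hypothetical.
import android.accessibilityservice.AccessibilityServiceInfo;
import android.app.Activity;
import android.content.Context;
import android.view.MotionEvent;
import android.view.WindowManager;
import android.view.accessibility.AccessibilityManager;
import android.widget.EditText;
import java.util.ArrayList;
import java.util.List;

public final class OverlayDefense {

    private OverlayDefense() {}

    // Returns the ids (package/service) of every accessibility service currently
    // enabled. A banking app can compare this list against known screen readers and
    // warn the user, or refuse PIN entry, when an unfamiliar service is active.
    public static List<String> enabledAccessibilityServices(Context ctx) {
        AccessibilityManager am =
            (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        List<String> ids = new ArrayList<>();
        if (am == null) return ids;
        for (AccessibilityServiceInfo info :
                am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)) {
            ids.add(info.getId()); // e.g. "com.example.pkg/.SomeService"
        }
        return ids;
    }

    // PIN field that drops any touch delivered while another window (an overlay)
    // is drawn on top of it, so a tap on a fake screen cannot reach the real field.
    public static class PinField extends EditText {
        public PinField(Context ctx) {
            super(ctx);
            setFilterTouchesWhenObscured(true);
        }

        @Override
        public boolean onFilterTouchEventForSecurity(MotionEvent ev) {
            if ((ev.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
                return false; // obscured by another window: discard the touch
            }
            return super.onFilterTouchEventForSecurity(ev);
        }
    }

    // Marks the activity's window as secure: its content is excluded from
    // screenshots and screen recording (MediaProjection) on the device.
    public static void blockScreenCapture(Activity activity) {
        activity.getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                                      WindowManager.LayoutParams.FLAG_SECURE);
    }
}
```

Call blockScreenCapture from the PIN activity’s onCreate and check enabledAccessibilityServices before showing the field. FLAG_SECURE addresses the screen-recording capability; it does not stop an accessibility service from reading view text, which is why the enabled-service check is applied alongside it.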

Note that a plethora of malware uses fake screen overlays to trick victims. This is also the case with the Xenomorph malware, designed in particular to steal cryptocurrencies. SOVA, a virus targeting more than 200 banking applications, does the same thing.

TrickMo mainly targets banking applications. However, the virus is quite capable of applying the same hacking tactics to streaming platforms, e-commerce apps, VPN services or social networks.

A virus spread by phishing

According to Zimperium, TrickMo has claimed 13,000 victims in several regions of the world, mainly Canada, Turkey and Germany. These new versions of the virus spread through phishing messages: hackers share APK files whose code contains the malicious payload on social networks, by email or even by SMS.

To avoid falling into the cybercriminals’ trap, we therefore recommend that you avoid at all costs installing applications from outside the Play Store. As Google recently pointed out on its blog, 95% of the “top fraudulent malware families that exploit sensitive permissions” were installed directly from the web.

“Google and the security community have been warning users for years about the real risks associated with downloading applications directly from the web,” underlines Dave Kleidermacher, vice-president and head of security at Google, on his X account.


Source: Zimperium
