Names | TrickMo | |
Category | Malware | |
Type | Banking trojan, Loader | |
Description | (IBM) IBM X-Force researchers analyzed an Android malware app that’s likely being pushed to infected users by the TrickBot Trojan. This app, dubbed “TrickMo” by our team, is designed to bypass second factor and strong authentication pushed to bank customers when they need to authorize a transaction. While it’s not the first of its kind, this Android malware app is more sophisticated than similar apps and possesses interesting features that enable its operators to steal transaction authorization codes from victims who download the app. | |
Information | <https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/> <https://www.cleafy.com/cleafy-labs/a-new-trickmo-saga-from-banking-trojan-to-victims-data-leak> <https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0427/> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:TrickMo> |
Last change to this tool card: 24 October 2024
Download this tool card in JSON format
Previous: TrickBot
Next: TRIPLEFANTASY
Changed | Name | Country | Observed | ||
APT groups | |||||
Wizard Spider, Gold Blackburn | 2014-Dec 2023 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |