TrickMo Android banker adopts TON blockchain for covert comms

Summary

A new version of the TrickMo Android banking malware is being distributed in Europe, featuring updated commands and utilizing The Open Network (TON) blockchain for covert command-and-control (C2) communications. This shift to blockchain makes it harder for security researchers to track and disrupt the malware's operations.

IFF Assessment

FOE

The adoption of TON blockchain for C2 communications by TrickMo malware makes it more difficult for defenders to detect and block its activities, representing a concerning evolution for mobile banking security.

Defender Context

Defenders should be aware of this evolving threat vector, in which malware increasingly leverages decentralized technologies such as blockchain for C2. Because the C2 content itself may be encrypted, this calls for enhanced network monitoring that can detect the unusual traffic patterns associated with blockchain interactions rather than relying on inspecting the payload.
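One way to act on that advice is a pattern-based rule over proxy or egress logs: with the C2 content opaque, what remains visible is which hosts a device talks to, how often, and how much it sends. The script below is an added example, not code from the article or from the TrickMo analysis it summarizes. It assumes a defender-maintained watchlist of blockchain gateway/API hostnames (`BLOCKCHAIN_API_HOSTS`, populated here with constructed placeholder names) and a simple space-separated proxy log format; the log lines are constructed. It flags mobile clients that beacon to a watchlisted host at regular intervals with small request sizes, while leaving a desktop client's irregular, bulky traffic to a similar host unflagged.

```python
"""Flag mobile devices beaconing to blockchain gateway hosts in proxy logs.

Added example (not from the original article). Hostnames and log lines are
constructed placeholders; a real deployment would fill the watchlist from
threat intelligence and the organisation's own baseline of expected traffic.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed watchlist of blockchain RPC/API gateway hosts (placeholder values).
BLOCKCHAIN_API_HOSTS = {"ton-rpc.example.invalid", "chain-gateway.example.invalid"}

# User-agent fragments that indicate a mobile client (assumption; tune per fleet).
MOBILE_UA_MARKERS = ("Android", "iPhone", "Dalvik", "okhttp")

# Constructed proxy log lines: timestamp client dest_host bytes user_agent
SAMPLE_LOG = """\
2024-09-10T08:00:00 10.0.5.21 ton-rpc.example.invalid 412 Dalvik/2.1.0 (Linux; U; Android 13)
2024-09-10T08:00:02 10.0.5.40 news.example.invalid 9812 Mozilla/5.0 (Windows NT 10.0)
2024-09-10T08:05:01 10.0.5.21 ton-rpc.example.invalid 408 Dalvik/2.1.0 (Linux; U; Android 13)
2024-09-10T08:10:00 10.0.5.21 ton-rpc.example.invalid 415 Dalvik/2.1.0 (Linux; U; Android 13)
2024-09-10T08:15:01 10.0.5.21 ton-rpc.example.invalid 410 Dalvik/2.1.0 (Linux; U; Android 13)
2024-09-10T08:20:00 10.0.5.21 ton-rpc.example.invalid 409 Dalvik/2.1.0 (Linux; U; Android 13)
2024-09-10T09:00:00 10.0.5.77 chain-gateway.example.invalid 30211 Mozilla/5.0 (Windows NT 10.0)
2024-09-10T11:30:00 10.0.5.77 chain-gateway.example.invalid 28844 Mozilla/5.0 (Windows NT 10.0)
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # user agent may contain spaces, so split off only the first four fields
        ts, client, host, size, ua = line.split(maxsplit=4)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "host": host,
            "bytes": int(size),
            "ua": ua,
        })
    return events


def is_mobile(ua):
    """Heuristic: does the user agent look like a mobile / Android client?"""
    return any(marker in ua for marker in MOBILE_UA_MARKERS)


def find_beaconing(events, min_hits=4, max_jitter_ratio=0.2, max_bytes=2048):
    """Return findings for (client, host) pairs that look like C2 beaconing.

    A pair is flagged when a mobile client contacts a watchlisted host at
    least min_hits times, the gaps between contacts are regular (relative
    standard deviation <= max_jitter_ratio) and every request is small.
    """
    by_pair = defaultdict(list)
    for e in events:
        if e["host"] in BLOCKCHAIN_API_HOSTS and is_mobile(e["ua"]):
            by_pair[(e["client"], e["host"])].append(e)

    findings = []
    for (client, host), evs in by_pair.items():
        if len(evs) < min_hits:
            continue
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        small = all(e["bytes"] <= max_bytes for e in evs)
        if jitter <= max_jitter_ratio and small:
            findings.append({
                "client": client,
                "host": host,
                "hits": len(evs),
                "interval_s": round(avg),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for finding in find_beaconing(parse_log(SAMPLE_LOG)):
        print(finding)
```

Running it flags `10.0.5.21`, which contacts the watchlisted host every five minutes with ~400-byte requests, and ignores `10.0.5.77`, whose two large, irregular requests from a desktop browser look like ordinary use of a blockchain service. The thresholds (`min_hits`, `max_jitter_ratio`, `max_bytes`) are starting points to tune against the fleet's baseline, and the watchlist is the weak point: the rule only sees gateways the defender already knows about, so it should be paired with broader anomaly detection on newly seen destinations from managed mobile devices.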
