A newly identified variant of the TrickMo malware is targeting banking, fintech, cryptocurrency wallet, and authentication applications with advanced device takeover capabilities. Once installed on Android devices, the malware abuses accessibility services and remote-control functions to capture credentials, intercept one-time passcodes, and manipulate app sessions directly on the device. By operating within legitimate financial and authentication apps, TrickMo can bypass traditional fraud controls and multi-factor authentication protections. The campaign highlights how modern mobile malware increasingly focuses on full device compromise rather than simple credential theft, reinforcing the need for behavior-based detection, strict app controls, and continuous mobile threat monitoring.
© 2026 Zimperium. All Rights Reserved.