The new TrickMo variants are designed to harvest device unlock patterns and PINs through a deceptive user interface, allowing attackers to operate covertly on locked devices.
The updated variants also improve the malware's ability to evade analysis and to obtain additional permissions, enabling unauthorized transactions and extensive theft of user data.
The deceptive HTML-based user interface presented to victims mimics the genuine unlock screen, tricking them into entering sensitive access credentials without suspicion.
C2 servers associated with TrickMo revealed over 13,000 unique IP addresses, predominantly located in Canada, U.A.E., Turkey, and Germany, indicating widespread potential targeting.
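A defender-side illustration of the "additional permissions" point above: banking trojans that draw a fake unlock or login screen and act on the victim's behalf typically need a recognisable combination of Android capabilities (drawing over other apps, an accessibility service binding, SMS access). The script below is an added example written for this summary, not TrickMo's code nor any vendor's detector; it parses a constructed AndroidManifest.xml and scores the declared capabilities with weights and a threshold that are assumptions chosen for illustration.

```python
"""Heuristic manifest triage for overlay-style Android banking trojans.

Added example for this summary; the manifest is constructed and the
weights/threshold are assumptions, not values from any real detector.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities that, in combination, let an app draw over the lock screen,
# read one-time codes and drive the UI without the user. Weights are assumed.
RISK_WEIGHTS = {
    "android.permission.SYSTEM_ALERT_WINDOW": 3,         # draw over other apps
    "android.permission.BIND_ACCESSIBILITY_SERVICE": 3,  # accessibility service
    "android.permission.RECEIVE_SMS": 2,                 # intercept SMS codes
    "android.permission.READ_SMS": 2,
    "android.permission.REQUEST_INSTALL_PACKAGES": 1,    # sideload further stages
    "android.permission.INTERNET": 0,                    # too common to weigh
}
ALERT_THRESHOLD = 6  # assumed cut-off for raising an alert

# Constructed sample manifest (not taken from any real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>
"""


def extract_capabilities(manifest_xml: str) -> set:
    """Collect <uses-permission> names plus any android:permission a
    <service> is guarded by (how accessibility services are declared)."""
    root = ET.fromstring(manifest_xml)
    caps = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            caps.add(name)
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission")
        if perm:
            caps.add(perm)
    return caps


def risk_score(caps) -> int:
    return sum(RISK_WEIGHTS.get(c, 0) for c in caps)


def triage(manifest_xml: str) -> dict:
    """Return the score, the weighted capabilities found, and an alert flag."""
    caps = extract_capabilities(manifest_xml)
    score = risk_score(caps)
    return {
        "score": score,
        "flagged": sorted(c for c in caps if RISK_WEIGHTS.get(c, 0) > 0),
        "alert": score >= ALERT_THRESHOLD,
    }


if __name__ == "__main__":
    for label, m in (("constructed-suspicious", SAMPLE_MANIFEST),
                     ("constructed-benign", BENIGN_MANIFEST)):
        print(label, triage(m))
```

The scoring is deliberately additive rather than a single-permission rule: overlay permission or an accessibility service alone is common in legitimate apps, and it is the combination with SMS access that should push a sample into manual review.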