Malicious app stealing information for fraudulent transactions
27th Mar 2020 In Security By Jack Francis

New TrickBot mobile app bypassing banking authorization

The malware authors behind the TrickBot Trojan are in the process of developing a new Android app designed to intercept one-time authorization codes sent via SMS to online banking customers. The new app, named TrickMo, is currently exclusive to German users whose desktops have been infected by TrickBot malware and who have consequently become victims of fraudulent transactions.

The name TrickMo is a direct reference to a similar kind of banking malware called ZitMo, designed by the cybercriminal group Zeus in 2011 to defeat SMS two-factor authentication. TrickMo is simply the latest addition to the banking Trojan's arsenal of malware, built to steal personal information such as bitcoin wallets, email credentials and bank information.

Once installed, TrickMo gathers information by starting itself when the device becomes interactive or after a new SMS message is received. It can also allow remote attackers to issue commands that turn specific features on or off on the compromised device.

To avoid raising suspicion when stealing the device's information, TrickMo activates the device's lock screen and can even display a fake Android update screen to mask the information-stealing operation running in the background. It also has self-destruction features that allow the cybercriminals to remove all traces of the malware's presence while holding on to all the stolen data.
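For defenders triaging apps, the start-up triggers described above (launching on user interaction or on an incoming SMS) show up as broadcast receivers in an app's decoded manifest. The following is an added example, not code from the article or from any TrickMo analysis: the permission and intent-action names are standard Android identifiers chosen here as an assumption about how such triggers are declared, and the sample manifest is constructed. A match is a reason to review the app, not a verdict, since legitimate SMS apps declare the same hooks.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # ElementTree form of the android:name attribute

# Assumption: standard Android identifiers matching the behaviours in the article.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
TRIGGER_ACTIONS = {
    SMS_ACTION: "runs on incoming SMS",
    "android.intent.action.USER_PRESENT": "runs when the user unlocks the device",
    "android.intent.action.SCREEN_ON": "runs when the screen turns on",
}

# Constructed sample (hypothetical package), as produced by decoding an APK manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Wake">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".Other">
      <intent-filter><action android:name="android.intent.action.BATTERY_LOW"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Report SMS permissions and receivers that start the app on SMS or user activity."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission")} & SMS_PERMISSIONS
    findings = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            reason = TRIGGER_ACTIONS.get(action.get(NAME))
            if reason:
                findings.append((receiver.get(NAME), action.get(NAME), reason))
    # Review only when SMS access is paired with a receiver hooked to incoming SMS.
    sms_hook = any(action == SMS_ACTION for _, action, _ in findings)
    return {"sms_permissions": sorted(perms), "findings": findings,
            "needs_review": bool(perms) and sms_hook}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```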

