New variants of the TrickMo Trojan are tricking victims into revealing their phone unlock codes, with Zymperium researchers identifying 40 variants containing features like one-time password interception, credential theft, and automated permission exploitation. Cleafy previously covered some of the circulating variants, with the Trojan distributing through a dropper disguised as Google Chrome browser. Once installed, the Trojan poses as a legitimate Google Play Services instance, gaining permissions to integrate seamlessly into the device's operations, making detection and removal difficult
Exploiting Android's accessibility services, these variants can perform malicious actions like unauthorized transactions and gaining remote control over infected devices. Zymperium analysis shows over 13,000 individuals affected by TrickMo, primarily in Canada, along with victims in the United Arab Emirates, Turkey, and Germany. The Trojan targets a wide range of applications, spanning banking, enterprise, e-commerce, social media, and healthcare applications. ```https://www.bankinfosecurity.com/trickmo-trojan-variants-target-device-unlock-codes-a-26537