TrickMo Uses TON and SOCKS5 — Android Devices Turn into Network Pivots

Colleagues, please note: a new variant of the Android trojan TrickMo has been detected.
ThreatFabric reports C2 over the decentralised TON network and an embedded local proxy, with support for SOCKS5 and SSH tunnels. A module loads at runtime (dex.module) and is distributed via dropper apps masquerading as an adult version of TikTok.
Capabilities: network commands (curl, dnslookup, ping, telnet, traceroute) and SOCKS5 — compromised phones can serve as exit nodes and bypass IP filters. Attacks recorded in France, Italy and Austria.
Why it matters: attackers gain network egress from inside a victim’s network, which complicates detection and blocking.
How do you assess the risk to corporate mobile policies?
#cybersecurity #malware #mobilesecurity #infosec

