VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

TrickMo Uses TON and SOCKS5 — Android Devices Turn into Network Pivots

TrickMo использует TON и SOCKS5 — Android превращаются в сетевые pivot'ы

Colleagues, please note: a new variant of the Android trojan TrickMo has been detected in the cybersecurity landscape.

ThreatFabric reports: C2 over the decentralised TON network and an embedded local proxy; supports SOCKS5 and SSH tunnels. A module loads at runtime (dex.module) and is distributed via dropper apps masquerading as an adult version of TikTok.

Capabilities: network commands (curl, dnslookup, ping, telnet, traceroute) and SOCKS5 — compromised phones can serve as exit nodes and bypass IP filters. Attacks recorded in France, Italy and Austria.

Why it matters: attackers gain outbound network egress from within a victim’s network, complicating detection and blocking.

How do you assess the risk to corporate mobile policies?

#cybersecurity #malware #mobilesecurity #infosec

Latest comments

No comments yet.