New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

thehackernews.com·May 12, 2026

A new variant of the TrickMo Android banking trojan, utilizing The Open Network for command-and-control, has been identified by cybersecurity researchers, targeting banking and cryptocurrency wallet users in France, Italy, and Austria from January to February 2026.

The key insight for you is that the new variant of the TrickMo Android banking trojan is leveraging The Open Network (TON) for command-and-control, highlighting the evolving tactics cybercriminals are using to enhance their operational security and target banking and cryptocurrency users in specific regions. This underscores the importance of monitoring emerging C2 infrastructures like TON in threat intelligence efforts to anticipate and mitigate such sophisticated threats.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

Want more content like this?

More from Cybersecurity News

New Fragnesia Linux flaw lets attackers gain root privileges

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

West Pharmaceutical says hackers stole data, encrypted systems

Checkbox Assessments Aren't Fit to Measure to Risk