{
	"id": "b657abce-2c44-4d3a-adbe-9b764746a5b4",
	"created_at": "2026-04-06T00:10:31.659419Z",
	"updated_at": "2026-04-10T03:20:36.199042Z",
	"deleted_at": null,
	"sha1_hash": "e0d5533062fe41e90a95c1c8a2d597edf01762e0",
	"title": "TrickMo (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38731,
	"plain_text": "TrickMo (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:27:51 UTC\r\napk.trickmo (Back to overview)\r\nTrickMo\r\nTrickMo is an advanced banking trojan for Android. Starting out as a companion malware to TrickBot in 2020, it\r\nfirst became a standalone banking trojan by addition of overlay attacks in 2021 and was later (2024) upgraded\r\nwith remote control capabilities for on-device fraud. The continued development and progressively improved\r\nobfuscation suggests an active Threat Actor.\r\nReferences\r\n2025-02-09 ⋅ Medium (@mvaks) ⋅ mvaks\r\nAnalysis of malicious mobile applications impersonating popular Polish apps — OLX, Allegro, IKO\r\nSpyNote TrickMo\r\n2024-10-11 ⋅ zimperium ⋅ Aazim Yaswant\r\nExpanding the Investigation: Deep Dive into Latest TrickMo Samples\r\nTrickMo\r\n2024-09-10 ⋅ Cleafy ⋅ Alessandro Strino, Michele Roviello\r\nA new TrickMo saga: from Banking Trojan to Victim's Data Leak\r\nTrickMo\r\n2023-12-04 ⋅ cyble ⋅ Cyble\r\nTrickMo's Return: Banking Trojan Resurgence With New Features\r\nTrickMo\r\n2020-03-24 ⋅ Pavel Asinovsky\r\nTrickBot Pushing a 2FA Bypass App to Bank Customers in Germany\r\nTrickMo\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/apk.trickmo\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/apk.trickmo\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/apk.trickmo"
	],
	"report_names": [
		"apk.trickmo"
	],
	"threat_actors": [],
	"ts_created_at": 1775434231,
	"ts_updated_at": 1775791236,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e0d5533062fe41e90a95c1c8a2d597edf01762e0.pdf",
		"text": "https://archive.orkl.eu/e0d5533062fe41e90a95c1c8a2d597edf01762e0.txt",
		"img": "https://archive.orkl.eu/e0d5533062fe41e90a95c1c8a2d597edf01762e0.jpg"
	}
}