TrickMo Android Banker Uses TON Blockchain: Protection Guide
TrickMo Android banking malware is using TON blockchain for stealthier communications. Here is who is at risk, what to check, and which security tools help.
TrickMo is not a reason to stop using mobile banking; it is a reason to stop treating app permissions as routine. The safest setup combines official app stores, fewer permissions, transaction alerts, strong passwords, and a reputable mobile security layer.
What changed in the latest TrickMo report
BleepingComputer reported that TrickMo, a known Android banking-trojan family, is now using TON blockchain infrastructure for covert communications. That does not make every Android phone vulnerable by itself, but it raises the operational risk: if criminals can move command-and-control signals through harder-to-disrupt channels, campaigns can last longer and victims may have fewer obvious warning signs.
The practical risk is still familiar: a user installs a malicious APK, grants accessibility or notification permissions, and the app watches for banking sessions, one-time passcodes, or wallet activity. The new angle is resilience. Security teams may block a domain, only for the malware operator to pull instructions from another location. For consumers, the answer is not panic; it is tighter install hygiene plus layered monitoring.
Who is most exposed
Android users who sideload apps, use unofficial app stores, or approve accessibility permissions for unknown utilities face the highest risk. People who manage crypto wallets, mobile banking, remittances, or small-business accounts from one phone should treat this as a high-priority hygiene check. The attack chain usually needs user action, but social engineering can make that action look harmless: a fake delivery tracker, a tax document viewer, a VPN clone, or a “security update” prompt.
What to do in the next 15 minutes
- Open Android settings and review apps with Accessibility, Notification Access, Device Admin, and Install Unknown Apps permissions.
- Remove anything you do not recognize, especially apps installed outside Google Play.
- Update Android, Chrome, WebView, and your banking apps.
- Turn on transaction alerts for every bank and card.
- Use a password manager to rotate bank, email, and crypto-exchange passwords from a clean device.
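The permission review above can also be run from a computer over USB debugging. The following is an added example, not part of the original brief: it cross-checks which user-installed apps hold Accessibility or Notification Access against where each app was installed from, using the output of the standard `settings` and `pm` tools. The package names, the sample data, and the choice to trust only Google Play are assumptions made for illustration; Device Admin apps still need the manual check in Settings.

```python
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def adb(*args):
    """Run one command on the USB-connected device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def component_packages(setting_value):
    """'pkg/cls:pkg2/cls2' -> {'pkg', 'pkg2'}; 'null' or empty -> empty set."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def installers(pm_output):
    """Parse 'package:NAME  installer=SRC' lines into {NAME: SRC}."""
    result = {}
    for line in pm_output.splitlines():
        if line.startswith("package:"):
            name, _, src = line[len("package:"):].partition("installer=")
            result[name.strip()] = src.strip() or "null"
    return result

def audit(accessibility, notifications, third_party):
    """List (package, permission, installer) for user-installed apps that hold
    a sensitive permission and did not come from a trusted store."""
    src = installers(third_party)
    findings = []
    for label, value in (("accessibility", accessibility),
                         ("notification-access", notifications)):
        for pkg in sorted(component_packages(value)):
            # Packages absent from the -3 listing are preinstalled; skip them.
            if pkg in src and src[pkg] not in TRUSTED_INSTALLERS:
                findings.append((pkg, label, src[pkg]))
    return findings

# Constructed sample output (not from a real device).
SAMPLE_ACC = ("com.example.tracker/com.example.tracker.HelperService:"
              "com.google.android.marvin.talkback/.TalkBackService")
SAMPLE_NOTIF = "com.example.tracker/.Listener:com.example.chat/.NotifService"
SAMPLE_PKGS = ("package:com.example.tracker  installer=null\n"
               "package:com.example.chat  installer=com.android.vending\n")

if __name__ == "__main__":
    for finding in audit(
            adb("settings", "get", "secure", "enabled_accessibility_services"),
            adb("settings", "get", "secure", "enabled_notification_listeners"),
            adb("pm", "list", "packages", "-i", "-3")):
        print("review:", *finding)
```

A finding is a prompt to review the app, not a verdict: legitimate apps installed from a vendor store or by an enterprise tool will also appear until their installer is added to the trusted set.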
How we picked recommendations
For this page, we weighted Android malware detection, phishing protection, app-reputation warnings, identity monitoring, refund policy, and family-device value. No tool is a guarantee, but the right product reduces the chance that a malicious APK, phishing page, or breached password turns into account takeover.
Best products to consider now
Bitdefender Total Security 9.5/10
Best for: Android banking-trojan prevention
Price: Often $39.99–$59.99 first year
Pros:
- Strong Android malware detection
- Web protection and scam alerts
- Low impact on performance
Cons:
- VPN allowance is limited on lower tiers
- Renewal price jumps after promo
Norton 360 Deluxe 9.2/10
Best for: Families who also want identity alerts
Price: Often $49.99 first year
Pros:
- Dark web monitoring on many plans
- Good app advisor for risky downloads
- Includes VPN and cloud backup
Cons:
- Upsells inside the app
- Full identity coverage costs more
Malwarebytes Premium 8.8/10
Best for: Second-opinion cleanup and anti-phishing
Price: Often $44.99/year for one device
Pros:
- Simple malware scans
- Strong phishing-blocking layer
- Good for removing unwanted apps
Cons:
- Fewer parental/identity features
- VPN is separate unless bundled
McAfee+ 8.6/10
Best for: Households with many Android devices
Price: Often $49.99–$89.99 first year
Pros:
- Unlimited-device options
- Identity monitoring bundles
- Useful scam protection tools
Cons:
- Interface can feel busy
- Performance varies by device
Surfshark One 8.5/10
Best for: Users who want VPN plus antivirus
Price: Often around $2.69–$3.99/month on long plans
Pros:
- VPN, antivirus, and breach alerts in one plan
- Good mobile privacy controls
- Unlimited VPN devices
Cons:
- Antivirus features are lighter than dedicated suites
- Best pricing requires long commitment
Quick comparison
| Product | Score | Best use | Typical price |
|---|---|---|---|
| Bitdefender Total Security | 9.5/10 | Android banking-trojan prevention | Often $39.99–$59.99 first year |
| Norton 360 Deluxe | 9.2/10 | Families who also want identity alerts | Often $49.99 first year |
| Malwarebytes Premium | 8.8/10 | Second-opinion cleanup and anti-phishing | Often $44.99/year for one device |
| McAfee+ | 8.6/10 | Households with many Android devices | Often $49.99–$89.99 first year |
| Surfshark One | 8.5/10 | Users who want VPN plus antivirus | Often around $2.69–$3.99/month on long plans |
FAQ
What is TrickMo?
TrickMo is an Android banking trojan family designed to steal credentials, intercept messages, and manipulate infected phones during financial sessions.
Why does TON blockchain matter here?
The reported use of TON-based covert communications makes takedown and blocking harder because command signals can be hidden in decentralized infrastructure.
Can antivirus remove TrickMo after infection?
A reputable mobile security app can detect many known samples, but users should also reset banking passwords, revoke sessions, and contact the bank if money movement is suspected.
Are iPhone users affected?
This specific report focuses on Android malware behavior. iPhone users still need phishing protection and account monitoring, but the installation path is different.
What should I do first if I installed a suspicious APK?
Disconnect from sensitive accounts, run a trusted scan, uninstall unknown device-admin apps, change passwords from a clean device, and call your bank.