New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

DEV Community·Mark0·20 days ago

Cybersecurity researchers have identified a new variant of the TrickMo Android banking trojan, dubbed "TrickMo C," which utilizes The Open Network (TON) decentralized blockchain for command-and-control (C2) communication. This shift to TON allows for stealthy, resilient traffic that is difficult to take down or block using traditional network security measures. The malware targets banking and cryptocurrency users primarily in Europe, including France, Italy, and Austria. Beyond traditional banking trojan features like OTP hijacking and credential phishing, this updated version includes advanced network capabilities such as SSH tunneling and SOCKS5 proxying. These features transform infected devices into programmable network pivots, allowing attackers to route malicious traffic through the victim’s own network to bypass fraud detection systems. The variant also incorporates a network-operative subsystem for reconnaissance, enabling commands like ping and traceroute from within the compromised environment.…
