TrickMo.C, first observed in early 2026, is not a routine update to a banking trojan. The operators have rebuilt it as a platform that runs a local TON (The Open Network) proxy on compromised Android phones and routes command-and-control traffic through encrypted .ADNL addresses. That redesign converts infected devices into covert, remotely programmable network nodes […]