🤖 Android
🏦 Banque en ligne
TrickMo: The Android Virus Draining Bank Accounts in Real Time — France Targeted in 2026
Cybersecurity researchers have just identified a new version of TrickMo, a particularly dangerous Android banking trojan. France is one of the three main targets in 2026. This virus spreads via fake Facebook and TikTok ads, then takes full control of your phone: it displays fake bank screens, intercepts your two-factor SMS codes and can drain your bank account in real time, right before your eyes, with nothing you can do.
3
Countries targeted: France, Italy, Austria
100%
Control of your phone by hackers
0
Visible sign on your screen — invisible
🦠 How TrickMo infects your phone
TrickMo doesn't install itself. It uses social engineering techniques to trick you:
🎯 The most common infection scenario
1
Fake ad on Facebook or TikTok — You see an ad for a free app, a streaming film or a fake "Chrome update". You click.
2
Download of a fake APK — You're redirected outside the Play Store. You're offered "Google Chrome" or "Google Services" to download. The file contains TrickMo.
3
Accessibility permission request — The app asks you to enable "accessibility services". It seems harmless. It's actually the key to everything.
4
Total takeover — Hackers now have access to everything: they see your screen live, read your texts, display fake screens over your real apps.
5
You drain your account without knowing it — You open your banking app. TrickMo displays a fake screen identical to your bank. You enter your credentials. The money disappears.
😱 Why this is particularly alarming
What makes TrickMo so dangerous is that it bypasses all your usual protections:
🚨 What TrickMo does on your phone
- Fake bank screens — it overlays perfectly imitated fake login pages on your real banking apps
- SMS code theft — it silently intercepts and deletes your two-factor authentication codes before you see them
- Live control — hackers see your screen in real time and can click on your behalf
- Keystroke logging — every key you press is captured
- Total invisibility — no notification, no visible sign on your screen
- Resistance to removal — it reinstalls automatically and prevents its own uninstallation
📱 Which apps are targeted?
TrickMo specifically targets the most widely used apps:
All major banks
PayPal
MetaMask
Blockchain.com
Netflix
Facebook
Gmail
Uber
🛡️ How to protect yourself
✅ Golden rules to avoid TrickMo
- Never install an app outside the Play Store — never via a received link, never from a website
- Never click "Update Chrome" in an ad or website — go directly to the Play Store
- Never grant "accessibility services" to an unknown app — it's the most dangerous permission possible
- Install Android antivirus — Bitdefender Mobile Security detects TrickMo and its variants
- Enable Google Play Protect — Settings → Security → Google Play Protect
- Check your bank statements every week
⚠️ Signs your Android may be infected
- Battery draining abnormally fast
- Phone warm for no apparent reason
- Mobile data consumed heavily in background
- Notifications disappearing before you read them
- Strange behaviour in your banking apps
- Apps you didn't install
💡 If you think you're infected — act now
- Stop opening your banking app on this phone
- Change your banking passwords from a different device (computer, tablet)
- Call your bank to block all transactions
- Factory reset the phone — it's the only safe way to remove TrickMo
- File a police report
❓ Frequently asked questions about TrickMo
TrickMo disguises itself as a fake Google Chrome update or an app downloaded via a link in a Facebook or TikTok ad. Once installed, it requests access to Android accessibility services — giving it full control over your phone. Never download an app outside the official Play Store.
Yes. TrickMo silently intercepts and deletes verification SMS codes before you see them. SMS two-factor authentication no longer protects you once infected. This is one reason why an authenticator app (Google Authenticator, Authy) is safer than SMS.
Signs: battery draining fast, phone warm, mobile data consumed in background, notifications disappearing, strange behaviour in banking apps. Scan with Malwarebytes or Bitdefender Mobile Security to confirm.
The safest method is a complete factory reset. Before doing so, change all your passwords from another device and alert your bank. Don't use your infected phone for these steps — hackers can see everything you do.
TrickMo targets all major banking apps, PayPal, crypto wallets (MetaMask, Blockchain.com), but also Netflix, Facebook, Gmail and Uber. Practically all your important apps are on its list.
💡 Vous aimerez peut-être aussi
Is your Android phone behaving strangely?
Describe the symptoms to CyberGuard — it'll help identify whether you're infected and guide you step by step.
🤖 Talk to CyberGuard →📖 Complete guide — Protect Your Family Online
30 pages · Android viruses, scams, passwords · Instant PDF