// #blockchain

2 articles

🌐 Network

TrickMo Android Banking Trojan Moves C2 to TON Blockchain — Decentralised Infrastructure Makes Takedown Near-Impossible

The TrickMo Android banking trojan has been updated to use the Telegram Open Network (TON) blockchain as its command-and-control infrastructure. TON's decentralised architecture means law enforcement cannot seize or sinkhole C2 servers, so TrickMo operators gain persistent, censorship-resistant communications regardless of takedowns. The move signals a broader industry shift toward blockchain-based C2 that defenders have limited ability to disrupt at the infrastructure level.

#trickmo +7

🌐 Network

EtherRAT Uses Ethereum Blockchain Transactions as Immutable C2 Channel — Campaign Targeting Government and Finance

Researchers have disclosed EtherRAT, a remote access trojan that encodes command-and-control instructions directly into Ethereum blockchain transactions, creating a C2 channel that cannot be taken down, domain-blocked, or sinkholed. Active campaigns have targeted government and financial organisations in Eastern Europe and the Middle East.

#malware +6