A new variant of the TrickMo Android trojan has been discovered, targeting banking credentials by exploiting accessibility services on infected devices. The malware, initially identified in 2019, now includes enhanced evasion tactics such as using malformed ZIP files and JSONPacker to hinder detection. Once installed through a malicious dropper app posing as Google Chrome, it manipulates accessibility features to intercept OTPs, keystrokes, and SMS messages, and can even conduct on-device fraud. Additionally, the trojan's misconfigured command-and-control server exposed 12 GB of sensitive user data, posing significant risks of identity theft and financial fraud.