TrickMo.C is a new Android banking trojan variant that has migrated its command-and-control (C2) infrastructure to the TON blockchain, which makes DNS sinkholing and domain seizure ineffective as disruption tools. It targets banking and cryptocurrency wallet applications in France, Italy, and Austria through sideloaded APKs impersonating TikTok and streaming apps. Organizations with mobile-banking-dependent employees or BYOD policies in affected regions face credential and OTP theft with limited network-layer detection options.
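Because network-layer detection is limited, one device-side check is to triage an app inventory for sideloaded packages whose label imitates TikTok. The sketch below is an added example, not taken from the original report or from any vendor tooling. The inventory record format, the allow-list contents and the trusted-installer set are assumptions to adapt to your MDM export.

```python
import unicodedata

# Assumed allow-list: extend with the streaming brands relevant to your fleet.
OFFICIAL_PACKAGES = {
    "tiktok": {"com.zhiliaoapp.musically", "com.ss.android.ugc.trill"},
}
# Assumption: only Google Play counts as a trusted installer source.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample records in a hypothetical MDM export format.
SAMPLE_INVENTORY = [
    {"device": "bl-001", "label": "TikTok", "package": "com.zhiliaoapp.musically",
     "installer": "com.android.vending"},
    {"device": "bl-002", "label": "ＴｉｋＴｏｋ 18+", "package": "com.example.dropper",
     "installer": None},
    {"device": "bl-003", "label": "Tik Tok", "package": "com.example.clone",
     "installer": "com.android.vending"},
    {"device": "bl-004", "label": "Notes", "package": "org.example.notes",
     "installer": "com.google.android.packageinstaller"},
]


def normalize(label):
    """Fold case, Unicode compatibility forms and separators in an app label."""
    folded = unicodedata.normalize("NFKC", label).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def triage(inventory):
    """Return one finding per suspicious app, with a severity and reasons."""
    findings = []
    for app in inventory:
        label = normalize(app["label"])
        brand = next((b for b in OFFICIAL_PACKAGES if b in label), None)
        imitates = brand is not None and app["package"] not in OFFICIAL_PACKAGES[brand]
        sideloaded = app.get("installer") not in TRUSTED_INSTALLERS
        if not (imitates or sideloaded):
            continue
        severity = "high" if imitates and sideloaded else "medium" if imitates else "low"
        reasons = (["label imitates " + brand] if imitates else []) + \
                  (["not installed from a trusted store"] if sideloaded else [])
        findings.append({"device": app["device"], "package": app["package"],
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

NFKC folding catches fullwidth and spaced label variants but not cross-script homoglyphs, so treat a clean result as triage output rather than proof of absence.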