TrickBot, a credential-theft botnet operated by the Gold Blackburn threat group, has been modified to target mobile device users on Sprint, T-Mobile, and Verizon cellular networks. TrickBot is using its traditional techniques a man-in-the-middle attack that captures a web session, routes it to a command-and-control server where code is injected to request user credentials, then sends the page to the victim. The PIN requested by the malicious form indicates that the criminals are interested in perpetrating SIM-swap fraud.”]
Source: https://www.darkreading.com/attacks-breaches/trickbot-comes-to-cellular-carriers