ToxicPanda Banking Trojan Infects Over 1,500 Android Smartphones, Targets 16 Banks: Report

ToxicPanda — a banking trojan that’s believed to be in an early stage of improvement — has been detected by safety researchers in Europe and Latin America. It is believed to be derived from one other banking trojan detected in 2023, and is used to remotely take over accounts on compromised telephones, permitting attackers to switch funds whereas bypassing safety measures aimed toward stopping suspicious transactions. ToxicPanda was reportedly discovered on over 1,500 gadgets, whereas focusing on customers of 16 banking establishments.

Researchers at Cleafy’s Threat Intelligence detected a brand new Android malware in October that they beforehand detected as TgToxic, one other banking trojan that was actively utilized in Southeast Asia and was recognized by the group final yr. The researchers discovered that the brand new pattern didn’t comprise capabilities from TgToxic, and that the code was not just like the unique trojan.

The ToxicPanda trojan is disguised as fashionable purposes
Photo Credit: Cleafy

 

As a outcome, the researchers began to trace the newly detected distant entry trojan (RAT) as ToxicPanda and warns that the malware can result in account takeover (ATO) after a sufferer’s gadget is contaminated. Cleafy’s Threat Intelligence staff additionally says that by choosing handbook distribution (sideloading, utilizing social engineering), risk actors (TA) can circumvent a financial institution’s safety measures which might be used to maintain customers secure.

In order to entry nearly all data on a consumer’s gadget, the malware exploits the accessibility service on Android, permitting it to seize knowledge from all apps. It can also be able to sidestepping two-factor authentication (resembling OTPs) by capturing the contents of the display. 

The creators of the ToxicPanda malware are Chinese audio system, in response to the researchers. Over 1,500 gadgets have been contaminated with the ToxicPanda trojan and customers from Italy have been probably the most impacted — greater than 50 p.c of all contaminated gadgets. Other impacted areas embrace Portugal, Spain, France, and Peru. Customers of 16 banks have been reportedly focused by the TAs utilizing the ToxicPanda trojan.

The researchers additionally level out that present antivirus options have did not detect these threats, which suggests the necessity for a “proactive, real-time detection system”. A botnet of contaminated gadgets was additionally noticed in use in Europe and Latin American international locations, which means that the Chinese-based TAs are actually turning their consideration to different markets.