Cybersecurity experts have detected a new Android malware known as ToxicPanda, which specifically targets bank accounts on mobile devices. This malicious banking trojan spreads by sideloading, often disguising itself as trusted apps like Google Chrome to deceive users.
Initial Discovery
The malware was first identified last month by Cleafy, which initially linked it to another banking trojan, TgToxic, notorious in Southeast Asia. However, further examination revealed that ToxicPanda's code structure is distinct, indicating it is a different malware strain.
Main Objective
ToxicPanda's primary goal is to facilitate unauthorized money transfers from infected Android devices. It leverages tactics like "account takeover" and "on-device fraud" to subvert banks' security measures, including advanced authentication and behavior analysis intended to detect suspicious transactions.
Under Development
The malware appears to still be in development. Researchers note that several commands within ToxicPanda's code are placeholders with no actual functionality, suggesting that the malware may evolve as development continues.
Device Control
Taking advantage of Android's accessibility services, ToxicPanda can gain control over a user’s phone remotely, even when the device is not actively being used. This access enables threat actors to manipulate the device's settings and apps without the user’s knowledge.
Methods of Spread
Threat actors are using fake app pages to entice users into downloading ToxicPanda. Primarily distributed via sideloading, this malware circumvents the protection offered by official app stores like Google Play Store and Samsung Galaxy Store, increasing the risk for unsuspecting users.
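The two sections above describe the combination a defender can actually check for on a device: an app that arrived by sideloading and also holds accessibility-service access. The following triage helper is an added example, not code from the original article or from Cleafy; it parses constructed sample output of two standard adb commands (`adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`) and flags enabled accessibility services whose package was not installed by a trusted store. The package names, the allowlist and the trusted-installer set are assumptions for illustration.

```python
"""Triage helper (added example): flag sideloaded apps that hold Android
accessibility-service access, the combination ToxicPanda relies on."""
import re
from typing import Dict, List, Optional, Tuple

# Installers a defender would normally trust; anything else counts as sideloaded.
# Store installer package names are assumptions for this example.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Accessibility services expected on the fleet (constructed allowlist).
ALLOWED_A11Y = {"com.android.talkback/com.google.android.marvin.talkback.TalkBackService"}

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
# (colon-separated flattened ComponentName strings, "pkg/Class" or "pkg/.Class")
SAMPLE_A11Y = ("com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
               "com.fake.chrome/.AccessService")

# Constructed sample output of:  adb shell pm list packages -i
SAMPLE_PM = """package:com.android.chrome  installer=com.android.vending
package:com.android.talkback  installer=com.android.vending
package:com.fake.chrome  installer=null
package:com.example.sideloaded  installer=null
"""


def parse_enabled_a11y(raw: str) -> List[str]:
    """Split the colon-separated component list; 'null' or empty means none enabled."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [c for c in raw.split(":") if c]


def parse_pm_list(raw: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None when the installer is unknown)."""
    installers: Dict[str, Optional[str]] = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def component_package(component: str) -> str:
    """The package part of a flattened ComponentName ('pkg/Class' -> 'pkg')."""
    return component.split("/", 1)[0]


def is_sideloaded(installer: Optional[str]) -> bool:
    """Unknown installer or a non-store installer both count as sideloaded."""
    return installer not in TRUSTED_INSTALLERS


def triage(a11y_raw: str, pm_raw: str) -> List[Tuple[str, str]]:
    """Return (component, reason) for enabled accessibility services worth review."""
    installers = parse_pm_list(pm_raw)
    findings: List[Tuple[str, str]] = []
    for comp in parse_enabled_a11y(a11y_raw):
        sideloaded = is_sideloaded(installers.get(component_package(comp)))
        if comp in ALLOWED_A11Y and not sideloaded:
            continue  # expected service from a trusted installer
        if sideloaded:
            findings.append((comp, "sideloaded app with accessibility access"))
        else:
            findings.append((comp, "accessibility service not on allowlist"))
    return findings


def sideloaded_packages(pm_raw: str) -> List[str]:
    """All packages whose installer is not a trusted store, sorted by name."""
    return sorted(p for p, i in parse_pm_list(pm_raw).items() if is_sideloaded(i))


if __name__ == "__main__":
    for comp, reason in triage(SAMPLE_A11Y, SAMPLE_PM):
        print(f"[!] {comp}: {reason}")
    print("sideloaded packages:", sideloaded_packages(SAMPLE_PM))
```

On a real device the two strings would come from the adb commands named in the comments; the script deliberately treats a missing installer record as sideloaded, since that is exactly the case a fake "Chrome" APK from a phishing page produces.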
Global Impact
To date, over 1,500 Android devices and 16 banks have been affected across regions like France, Italy, Portugal, Spain, and Latin America. The malware targets major financial institutions, attempting to bypass their security protocols and compromise user accounts.
Suspected Threat Actors
While the identities of the hackers remain unclear, Cleafy suggests that the group may have links to threat actors based in China. Such links indicate potential organized efforts behind the malware's distribution and continuous development.
Targeted Institutions
ToxicPanda has reportedly targeted well-known banks and financial services, including Bank of Queensland, Citibank, Coinbase, PayPal, Tesco, and Airbnb. These institutions are likely being used as bait to make the malware appear legitimate and trustworthy.
Propagation via WhatsApp
In addition to compromising banking information, ToxicPanda sends malicious links through WhatsApp, further spreading itself across more devices. This functionality highlights the trojan’s aggressive approach to proliferation and the importance of caution when receiving unknown links.