ToxicPanda – a banking Trojan believed to be in an early stage of development – has been detected by security researchers in Europe and Latin America. It is believed to derive from another banking Trojan detected in 2023 and is used to remotely take control of accounts on compromised phones, allowing attackers to transfer funds while bypassing security measures aimed at stopping suspicious transactions. ToxicPanda was reportedly found on more than 1,500 devices and targets users of 16 banking institutions.
Cleafy’s Threat Intelligence researchers detected a new Android malware sample in October that they had initially identified as TgToxic, another banking Trojan actively used in Southeast Asia and identified by the group last year. Researchers found that the new sample did not contain TgToxic’s functionality and the code was not similar to that of the original Trojan.
As a result, researchers have started tracking the newly detected remote access trojan (RAT) under the name ToxicPanda and warn that the malware can lead to account takeover (ATO) after the infection of the victim’s device. Cleafy’s Threat Intelligence team also claims that by opting for manual distribution (side-loading, use of social engineering), threat actors (TAs) can bypass a bank’s security measures used to ensure user security.
In order to access almost all information on a user’s device, the malware exploits the accessibility service on Android, allowing it to capture data from all apps. It is also capable of bypassing two-factor authentication (such as OTPs) by capturing screen content.
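A defender-side check for the combination described above (a side-loaded app holding an enabled accessibility service), as an added example that is not from Cleafy or the original article. It assumes the two inputs were collected with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the package names, sample outputs and the trusted-installer list are constructed for illustration.

```python
import re

# Installers treated as trusted stores (assumption; set per fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of the enabled_accessibility_services setting value.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.updater/com.example.updater.SyncService"
)
# Constructed sample of `pm list packages -i` output.
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=com.android.vending"""

def parse_accessibility_services(setting_value):
    """Return package names from the colon-separated 'pkg/ServiceClass' list."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def parse_installers(pm_output):
    """Map package -> installer (None when the installer is recorded as null)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def flag_sideloaded_accessibility(setting_value, pm_output,
                                  trusted=TRUSTED_INSTALLERS,
                                  system_packages=frozenset()):
    """List (package, installer) pairs that hold an enabled accessibility
    service but were not installed by a trusted store. Preinstalled apps
    also report a null installer, so pass them in system_packages."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in sorted(parse_accessibility_services(setting_value)):
        if pkg in system_packages:
            continue
        installer = installers.get(pkg)
        if installer not in trusted:
            flagged.append((pkg, installer))
    return flagged

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg} (installer={installer})")
```

A flagged package is a lead for review, not a verdict: legitimate enterprise or vendor apps can also be side-loaded and use accessibility services.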
The creators of the ToxicPanda malware are Chinese, according to researchers. More than 1,500 devices were infected with the ToxicPanda Trojan and Italian users were the most affected, accounting for more than 50% of all infected devices. Other countries affected include Portugal, Spain, France and Peru. Customers of 16 banks were allegedly targeted by TAs using the ToxicPanda Trojan.
The researchers also point out that current antivirus solutions have failed to detect these threats, suggesting the need for a “proactive, real-time detection system.” A botnet of infected devices has also been spotted in European and Latin American countries, suggesting that China-based TAs are now looking to other markets.