ToxicPanda Malware Hits Banks Across Europe And Latin America

In a Rush? Here are the Quick Facts!

  • Over 1,500 devices infected across Italy, Portugal, Spain, and Latin America.
  • Malware bypasses bank security, enabling fraud through account takeover and On-Device Fraud.
  • ToxicPanda is still in early development, with incomplete commands in its code.

In October 2024, Cleafy’s Threat Intelligence team discovered a new Android banking Trojan campaign, initially linked to the known TgToxic family of malware. However, after further investigation, it became clear that this new malware was different, leading experts to track it under the name ToxicPanda.

In their recent report, the analysts explain that ToxicPanda is designed to steal money from compromised devices by bypassing bank security measures.

The malware uses a technique called On-Device Fraud (ODF), which allows attackers to take control of a victim’s bank account without the person’s knowledge. It can bypass identity verification and behavioral detection systems that banks use to flag suspicious activities.

The researchers explain that ToxicPanda works by exploiting Android’s accessibility services. This allows it to gain control over a victim’s device, intercept one-time passwords (OTPs), and carry out fraudulent bank transactions. It can also hide its presence on the phone, making it harder for antivirus software to detect.
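To make the accessibility-service angle concrete from the defender's side, here is an added example (not code from the article or from Cleafy's report) that audits which accessibility services a device has enabled, working from the output of `adb shell settings get secure enabled_accessibility_services`; the allowlist, the sample output and the package name com.example.unknownapp are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag unexpected Android accessibility services.
# On a real device the list comes from:
#   adb shell settings get secure enabled_accessibility_services
# It is a colon-separated list of "package/ServiceClass" entries.

# Hypothetical allowlist of packages whose accessibility services are expected.
ALLOWED_PACKAGES="com.google.android.marvin.talkback com.android.settings"

# Constructed sample of the settings output; the second entry uses a made-up
# package name standing in for an app that should not be there.
SAMPLE_OUTPUT="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.unknownapp/com.example.unknownapp.AccessService"

# Return 0 if the package is on the allowlist, 1 otherwise.
is_allowed() {
    case " $ALLOWED_PACKAGES " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# Print each enabled service whose package is not allowlisted.
# Returns 0 when every enabled service is expected, 1 when any is not.
flag_unexpected_services() {
    list="$1"
    found=0
    old_ifs="$IFS"
    IFS=':'
    set -f               # no glob expansion while splitting on ':'
    set -- $list
    set +f
    IFS="$old_ifs"
    for entry in "$@"; do
        [ -z "$entry" ] && continue
        pkg="${entry%%/*}"   # package is everything before the first '/'
        if ! is_allowed "$pkg"; then
            echo "UNEXPECTED accessibility service enabled: $entry"
            found=1
        fi
    done
    return $found
}

# Number of unexpected services in a list (handy for scripted checks).
count_unexpected_services() {
    flag_unexpected_services "$1" | wc -l | tr -d ' '
}

# Usage with the constructed sample.
if flag_unexpected_services "$SAMPLE_OUTPUT"; then
    echo "No unexpected accessibility services enabled."
fi
```

On a fleet of managed devices the same check can be run against the live `adb shell settings get secure ...` output instead of the sample string.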

However, the report notes that the malware is still in early development. Some parts of its code are incomplete, with commands that don’t yet do anything.

Despite this, ToxicPanda has already managed to infect over 1,500 Android devices across Italy, Portugal, Spain, and Latin America. These infected devices are being used in attacks on 16 different banking institutions.

The threat actors (TAs) behind ToxicPanda are suspected to be Chinese speakers, marking a shift in the regions they target.

It is uncommon for Chinese-speaking cybercriminals to focus on banking fraud in Europe and Latin America. The researchers suggest that this might indicate a potential change in their operational focus.

Although ToxicPanda is not as advanced as some other banking trojans, it shares similarities with previous malware like TgToxic.

The report suggests that the malware’s developers appear to be new to targeting financial institutions outside their home regions, which may explain its somewhat basic code and limited features.

ToxicPanda’s spread has been significant, with Italy seeing the highest number of infections, followed by countries like Portugal, Spain, and Peru. This broad geographic reach signals that the malware creators are expanding their targets to include more countries, especially in Latin America.

In conclusion, ToxicPanda is a growing threat that highlights the increasing sophistication of mobile banking fraud. While the malware is still developing, its rapid spread across multiple regions shows that cybercriminals are becoming more focused on exploiting banking systems worldwide.
