A powerful new Trojan, ToxicPanda, is threatening the bank accounts of Android users around the world

mobile phones, 06.11.2024, 11:30 AM

A team of researchers from the company Cleafy warned of a new dangerous malware that is spreading around the world and is a threat to everyone’s bank account. It’s a Trojan called ToxicPanda that targets bank accounts through Android devices.

ToxicPanda was discovered by researchers a few weeks ago. The Trojan uses sophisticated methods to bypass the bank’s security measures before it begins making unauthorized withdrawals from the target account.

“ToxicPanda’s main goal is to initiate money transfers from compromised devices via Account Takeover (ATO) using a well-known technique called On-Device Fraud (ODF),” the researchers said in their analysis. “The malware aims to bypass banking countermeasures used to enforce identity verification and user authentication, combined with behavioral detection techniques used by banks to identify suspicious money transfers.”

Researchers say the malware has infected more than 1,500 Android devices in countries around the world, especially in Europe and Latin America.

ToxicPanda is an evolution of an older Trojan called TgToxic. TgToxic steals passwords and funds from crypto wallets, while ToxicPanda is focused exclusively on financial fraud. ToxicPanda can intercept one-time passwords (OTPs) sent via SMS or generated by authentication applications, allowing attackers to bypass two-factor authentication (2FA) protections. The malware uses Android accessibility services to grant itself powerful permissions that allow attackers to remotely control and directly access the device, so that unauthorized money transfers can be initiated without the victim’s knowledge.

Attackers spread ToxicPanda through fake pages imitating popular applications such as Google Chrome, Visa and 99 Speedmart, which lure users into downloading the Trojan. It is currently unknown how links to these sites are propagated. The malware isn’t on Google Play or the Galaxy Store yet, probably because it’s still in development. Researchers say it is not known who the cybercriminals behind the malware are, but that all signs point to them being in China, most likely in Hong Kong.

How can you protect your device and bank account from ToxicPanda malware?

One of the advantages of Android is the ability to install apps from unofficial sources, but this is exactly what you should avoid if you want to protect your device and your bank account. Download apps only from trusted sources, make sure your device is always up to date, and keep an eye on your bank account. You should also ignore installation instructions that appear outside of the Google Play Store (or Galaxy Store).
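A device owner or administrator can check for the combination described above: an app that holds an enabled accessibility service but did not come from an official store. The following is an added example, not part of the original article or of Cleafy's analysis; it parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`. The package names in the sample data are constructed, and treating only the Play Store and Galaxy Store installers as trusted is an assumption.

```python
# Installer package names of Google Play and Samsung Galaxy Store (assumed trusted set).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

def accessibility_packages(raw):
    """Packages owning an enabled accessibility service (colon-separated pkg/class list)."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def package_installers(raw):
    """Map package -> installer from `pm list packages` output; None = no recorded installer."""
    out = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):] or None
        out[fields[0]] = installer
    return out

def flag_sideloaded_accessibility(acc_raw, installers_raw, system_raw=""):
    """Return (package, installer) for accessibility apps that are neither
    preinstalled system packages nor installed by a trusted store."""
    installers = package_installers(installers_raw)
    system = set(package_installers(system_raw))  # from `pm list packages -s`
    return [(pkg, installers.get(pkg))
            for pkg in sorted(accessibility_packages(acc_raw))
            if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS]

# Constructed sample output, not captured from a real device.
SAMPLE_ACC = ("com.example.screenreader/.ReaderService:"
              "com.example.fakebrowser/com.example.fakebrowser.HelperService:"
              "com.example.passwordmanager/.FillService")
SAMPLE_INSTALLERS = """\
package:com.example.screenreader  installer=null
package:com.example.fakebrowser  installer=null
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
"""
SAMPLE_SYSTEM = "package:com.example.screenreader\n"

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(
            SAMPLE_ACC, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} has accessibility access, installer={installer}")
```

A flagged package is a candidate for review rather than proof of infection; legitimate sideloaded accessibility tools will appear in the same list.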

Banks will also have to work on new measures to detect malware. The emergence of the ToxicPanda Trojan underscores the growing sophistication of threats. Protections that were sufficient a few years ago are already outdated. Access keys and multi-factor authentication protection are two ways banks can protect their customers’ accounts.

Source: www.informacija.rs