ToxicPanda, a banking Trojan believed to be in the early stages of development, has been discovered by security researchers in Europe and Latin America. It is believed to be derived from another banking Trojan discovered in 2023 and is used to remotely take over accounts on compromised phones, allowing attackers to transfer funds while bypassing security measures designed to stop suspicious transactions. ToxicPanda was reportedly found on more than 1,500 devices, targeting users of 16 banking institutions.
In October, researchers on Cleafy’s Threat Intelligence team discovered a new Android malware that they initially identified as TgToxic, another banking Trojan that was heavily used in Southeast Asia and was identified by the group last year. The researchers found that the new sample does not contain TgToxic capabilities and the code is not similar to the original Trojan.
As a result, researchers have begun tracking the recently discovered Remote Access Trojan (RAT) as ToxicPanda and warn that the malware can lead to Account Takeover (ATO) after infecting a victim’s device. The Cleafy Threat Intelligence team also says that by choosing to spread the malware manually (side-loading, using social engineering), threat actors (TAs) can bypass the security measures banks use to keep users safe.
To gain access to almost all information on a user’s device, the malware uses the Accessibility service on Android, which allows it to retrieve data from all apps. It is also capable of bypassing two-factor authentication (such as one-time passwords) by capturing screen content.
According to researchers, the creators of the ToxicPanda malware are Chinese. More than 1,500 devices were infected by the ToxicPanda Trojan, with users from Italy the most affected, accounting for more than 50 percent of all infected devices. Other affected countries include Portugal, Spain, France and Peru. Customers of 16 banks were reportedly targeted by TAs using the ToxicPanda Trojan.
The researchers also note that current antivirus solutions have failed to detect these threats, suggesting the need for a “proactive, real-time detection system.” A botnet of infected devices has also been seen in use in European and Latin American countries, suggesting that Chinese TAs are now turning their attention to other markets.
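The two traits described above, side-loaded installation and use of the Accessibility service, can be checked together on a device. The following is an added example, not code from Cleafy or from the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists enabled Accessibility services whose package was not installed by a trusted store. The trusted-installer set and all sample package names are assumptions made for illustration.

```python
# Added example: flag enabled Accessibility services that belong to side-loaded apps.
# Inputs are the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

# Assumption: installers treated as trusted stores; adjust for your device fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(setting_value):
    """Split 'pkg/cls:pkg/cls' into (package, class) pairs; 'null' or empty means none."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    pairs = []
    for component in value.split(":"):
        package, _, cls = component.partition("/")
        if package:
            pairs.append((package, cls))
    return pairs

def parse_installers(pm_output):
    """Map package -> installer from 'package:<name>  installer=<installer>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def sideloaded_accessibility_services(setting_value, pm_output):
    """Return enabled Accessibility services whose package has no trusted installer."""
    installers = parse_installers(pm_output)
    findings = []
    for package, cls in parse_enabled_services(setting_value):
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append({"package": package, "service": cls, "installer": installer})
    return findings

# Constructed sample data (package and class names are made up for illustration).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.updater/com.example.updater.HelperService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=com.android.vending"""

if __name__ == "__main__":
    for finding in sideloaded_accessibility_services(SAMPLE_SETTING, SAMPLE_PM):
        print("review:", finding)
```

Preinstalled system apps also report no installer, so results should be compared against `adb shell pm list packages -s` before treating a finding as side-loaded.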