Dangerous Android banking malware looks to trick victims with fake money transfers

ToxicPanda is stealing money from victims across Europe and Latin America

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A Chinese hacker is targeting Android devices in Europe and Latin America with abanking trojanable to steal money from victim’s accounts.

A new report from cybersecurity researchers Cleafy says the trojan, ToxicPanda, is quite similar to a piece of older, known malware called TgToxic, which was first spotted in 2023. The two have some similarities, although ToxicPanda can be described as a “lite” version, since many features seem to be stripped down, and some were left as simple placeholders.

Despite being lighter, ToxicPanda is still a capable piece of malware. It can initiate money transfer, intercept one-time passwords (OTPs) generated both through SMS or authenticator apps, and manipulate user inputs. It can also steal sensitive information from the compromised device, and capture data from other apps. However, to do all that, the app needs to be given permission to access Android’s accessibility services, which is a usual red flag forAndroid-borne malware.

Years-long campaign

In any case, the malware is usually hidden in fake Chrome, Visa, or 99 Speedmart apps, most likely distributed through third-party websites, social media channels, and possibly phishing. The malicious apps cannot be found on official app repositories (Google Play Store,Samsung’s app store, or similar), and the researchers still speculate on how the apps are being advertised across the web.

So far, the threat actor seems to have infected more than 1,500 Android devices. The majority is located in Italy (56.8%), and Portugal (18.7%), with other notable mentions being Hong Kong (4.6%), Spain (3.9%), and Peru (3.4%). The researchers discovered this information by accessing ToxicPanda’s command-and-control (C2) panel.

The defense mechanisms against these types of attacks remains the same - be careful to only download apps from vetted sources.

ViaThe Hacker News

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet