Do you have Android? This Trojan will steal all your money
Smartphones around the world were attacked by the extremely dangerous ToxicPanda Trojan. It mainly attacks bank accounts and pretends to be popular applications in order to infect the phone.
More text below the video
Back in 2023, Tren Micro was discovered TgToxic — extremely powerful and malicious Android software that stole login details and even emptied the contents of cryptocurrency wallets. Now everything seems to indicate that another group of hackers took over the TgToxic technology and significantly expanded it.
Android devices are still at risk, but this time the target is directly banking applications. We have already managed to locate over 1,500 infected phones, and the main target is devices in Europe and Latin America.
How ToxicPanda works
Although ToxicPanda is mainly banking malware, its operation is analogous to typical Trojans, explain Cleafy specialists Michele Roviello, Alessandro Strino and Federico Valentini. First of all the software pretends to be various types of popular applications — completely unrelated to banking. It uses advanced methods to avoid detection.
After successful installation the trojan monitors all user activities related to banking and step by step it begins to take over accounts, initiating transfers using an account takeover technique known as ATO.
Importantly, ToxicPanda does not spread via the Google Play store or other popular stores. If we do not allow the installation of programs from external sources, we are rather safe. People who download packages on their own should be very vigilant because, as we mentioned, the Trojan spreads under the guise of popular, innocent applications.
Cybersecurity experts have already sent messages to a number of banks and financial institutions. Multi-factor authentication, access keys, one-time codes and other authorization methods, especially those that do not use text messages or phone applications, should further increase customer security.