Android devices in Europe and Latin America are falling victim to a banking trojan, operated by a Chinese hacker, that can steal money from victims' accounts. Cyber-security researcher Cleafy reports that the trojan, ToxicPanda, is similar to a piece of malware previously spotted in 2023, “TgToxic”.
ToxicPanda’s attack on Android
To the researcher, ToxicPanda seemed to be a "lite" version of the same malware: many of its features are similar to the previous one, and some were left as placeholders.
The researcher highlighted that ToxicPanda is a very potent malware capable of initiating money transfers, intercepting one-time passwords (OTPs) delivered by SMS or generated by authenticator apps, and manipulating user inputs.
It can steal sensitive information from compromised devices and capture data from other apps. To do all this, however, it might require Android’s accessibility permission, which is usually off-limits to such Android-borne malware.
This kind of malware is distributed through fake apps and sites imitating Chrome, Visa, or 99 Speedmart, and can also be found on third-party websites and social media channels, as well as through phishing.
Victims of ToxicPanda
Malware like ToxicPanda cannot be found in official app repositories such as the Google Play Store, the App Store or similar. Researchers are still conjecturing about how these apps are being advertised, and the apps have affected 1,500 Android devices so far.
The majority of the victims are located in Italy (56.8%) and Portugal (18.7%); notable numbers are also found in Hong Kong (4.6%), Spain (3.9%) and Peru (3.4%).
The defense against such hacker sites remains the same as always: stay vigilant when downloading software and only download apps from vetted sources.
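The two traits described above, an app installed from outside an official store and holding the accessibility permission, can be checked together on a device under review. The script below is an added example, not Cleafy's tooling: it cross-references the output of `adb shell pm list packages -i` with the `enabled_accessibility_services` setting. The sample data, package names and trusted-installer list are constructed assumptions.

```python
# Constructed sample output of `adb shell pm list packages -i` (not from a real device).
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.chrome.update  installer=com.google.android.packageinstaller
"""
# Constructed value of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.passwordmanager/com.example.passwordmanager.AutofillService:"
    "com.example.chrome.update/com.example.chrome.update.CoreService"
)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only


def parse_installers(pm_output):
    """Map package -> installer (None when reported as null or missing)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):] or None
        installers[fields[0][len("package:"):]] = installer
    return installers


def parse_accessibility(setting_value):
    """Map package -> enabled accessibility components (colon-separated input)."""
    services = {}
    for component in setting_value.strip().split(":"):
        package = component.split("/", 1)[0]
        if package and package != "null":
            services.setdefault(package, []).append(component)
    return services


def flag_sideloaded_a11y(pm_output, setting_value, system_packages=frozenset()):
    """Return (package, installer, components) for untrusted-installer apps."""
    installers = parse_installers(pm_output)
    findings = []
    for package, components in sorted(parse_accessibility(setting_value).items()):
        installer = installers.get(package)
        # Preinstalled apps report installer=null; pass them via system_packages.
        if package not in system_packages and installer not in TRUSTED_INSTALLERS:
            findings.append((package, installer, components))
    return findings
```

Supplying the package names from `adb shell pm list packages -s` as `system_packages` keeps preinstalled accessibility tools out of the findings.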