Dangerous Android banking malware looks to trick victims with fake money transfers


  • ToxicPanda can initiate money transfers and also grab MFA codes
  • The banking trojan is targeting consumers in Europe and Latin America
  • More than 1,500 devices already compromised

A Chinese hacker is targeting Android devices in Europe and Latin America with a banking trojan capable of stealing money from victims’ accounts.

A new report from cybersecurity researchers Cleafy says the trojan, ToxicPanda, is rather similar to a piece of older, known malware called TgToxic, which was first spotted in 2023. The two have some similarities, though ToxicPanda can be described as a “lite” version, since many features appear to be stripped down, and some were left as simple placeholders.

Despite being lighter, ToxicPanda is still a capable piece of malware. It can initiate money transfers, intercept one-time passwords (OTPs) generated either through SMS or authenticator apps, and manipulate user inputs. It can also steal sensitive information from the compromised device, and capture data from other apps. However, to do all that, the app needs to be given permission to access Android’s accessibility services, which is a usual red flag for Android-borne malware.

Years-long campaign

In any case, the malware is usually hidden in fake Chrome, Visa, or 99 Speedmart apps, most likely distributed through third-party websites, social media channels, and possibly phishing. The malicious apps cannot be found on official app repositories (Google Play Store, Samsung’s app store, or similar), and the researchers are still speculating about how the apps are being advertised across the web.

So far, the threat actor seems to have infected more than 1,500 Android devices. The majority is located in Italy (56.8%), and Portugal (18.7%), with other notable mentions being Hong Kong (4.6%), Spain (3.9%), and Peru (3.4%). The researchers discovered this information by accessing ToxicPanda’s command-and-control (C2) panel.

The defense mechanism against these types of attacks remains the same: be careful to only download apps from vetted sources.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
