ToxicPanda Banking Trojan Infects Over 1,500 Android Smartphones, Targets 16 Banks: Report

Threat actors can use ToxicFraud banking trojan to perform on-device fraud (ODF) on a victim's smartphone.

Advertisement
Written by David Delima | Updated: 7 November 2024 12:53 IST
Highlights
  • ToxicPanda is a recently detected Android banking trojan
  • Users are prompted to install the trojan using social engineering
  • The ToxicPanda trojan can gain access to a user's bank accounts

Cleafy's Threat Intelligence team said traditional malware scanners were unable to detect ToxicPanda

Photo Credit: Pixabay/ @neotam

ToxicPanda — a banking trojan that is believed to be in an early stage of development — has been detected by security researchers in Europe and Latin America. It is believed to be derived from another banking trojan detected in 2023, and is used to remotely take over accounts on compromised phones, allowing attackers to transfer funds while bypassing security measures aimed at stopping suspicious transactions. ToxicPanda was reportedly found on over 1,500 devices, while targeting users of 16 banking institutions.

Researchers at Cleafy's Threat Intelligence detected a new Android malware in October that they previously detected as TgToxic, another banking trojan that was actively used in Southeast Asia and was identified by the group last year. The researchers found that the new sample did not contain capabilities from TgToxic, and that the code was not similar to the original trojan.

Advertisement

The ToxicPanda trojan is disguised as popular applications
Photo Credit: Cleafy

Advertisement

 

As a result, the researchers started to track the newly detected remote access trojan (RAT) as ToxicPanda and warns that the malware can lead to account takeover (ATO) after a victim's device is infected. Cleafy's Threat Intelligence team also says that by opting for manual distribution (sideloading, using social engineering), threat actors (TA) can circumvent a bank's security measures that are used to keep users safe.

Advertisement

In order to access almost all information on a user's device, the malware exploits the accessibility service on Android, allowing it to capture data from all apps. It is also capable of sidestepping two-factor authentication (such as OTPs) by capturing the contents of the screen. 

The creators of the ToxicPanda malware are Chinese speakers, according to the researchers. Over 1,500 devices were infected with the ToxicPanda trojan and users from Italy were the most impacted — more than 50 percent of all infected devices. Other impacted locations include Portugal, Spain, France, and Peru. Customers of 16 banks were reportedly targeted by the TAs using the ToxicPanda trojan.

Advertisement

The researchers also point out that current antivirus solutions have failed to detect these threats, which suggests the need for a "proactive, real-time detection system". A botnet of infected devices was also spotted in use in Europe and Latin American countries, which suggests that the Chinese-based TAs are now turning their attention to other markets. 

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Sony IER-M500 In-Ear Monitors Launched With 5mm Driver, Hi-Res Audio
  2. Apple Reviews iPhone 17 Demand as Costs Rise Due to Memory Shortage: Report
  3. Motorola Edge 70 Max to Launch in India On This Day
  4. OTT Releases This Week: Peddi, Ikka, Balti, Dose, The Westies, and More
  5. Tecno's Camon 50 Ultra 5G Will Arrive in India on This Date via Amazon
  1. Tecno Camon 50 Ultra 5G India Launch Date Announced; Colourways and Amazon Availability Confirmed
  2. Apple Reportedly Reviews iPhone 17 Demand as Costs Rise Amid Ongoing Memory Shortage
  3. Interpol Traces $122 Million Crypto Wallet Connected to Romance Scam Network
  4. Hong Kong's Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms
  5. Itel Zeno 100 Pro India Launch Date Announced as Company Teases Zeno 100 Lite Arrival, Key Features
  6. Sony RX10 V Compact Camera Launched With 20.1-Megapixel Sensor, 4K 120fps Video Recording and 25x Optical Zoom
  7. Motorola Edge 70 Max India Launch Date Announced; Design, Key Features Revealed
  8. Asus Vivobook 14, Vivobook 15 Refreshed With Intel Core Series 3 Processors: Price, Availability
  9. Call of Duty: Black Ops and Black Ops 2 Ports Released on PS4 and PS5
  10. Samsung Galaxy Z Fold 8, Z Fold 8 Ultra Prices Surface Ahead of Unpacked Launch Event
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.