Cybersecurity researchers recently discovered a new Android malware that aims to steal money from bank accounts. Called ToxicPanda, the banking trojan commonly spreads through sideloading and often impersonates popular apps like Google Chrome. Discovered last month by Cleafly Intelligence, ToxicPanda's campaign was initially associated with TgToxic, another banking trojan that targeted users in Southeast Asia. However, upon subsequent analysis, it was found that the new malware's code differs significantly. According to the cybersecurity firm, ToxicPanda's main objective is to initiate money transfers from affected Android phones using techniques like 'account takeover' and 'On-Device fraud.' The banking trojan tries to bypass the bank's security measures by enforcing "identity verification and authentication, combined with behavioural detection techniques applied by banks to identify suspicious money transfers." However, the malware still seems to be under development as some commands are still placeholders and have no real functionality. Since the malware uses Android's accessibility service, it can also remotely control your phone even when you are not actively using it. The report also states that threat actors use fake app pages to lure users into downloading apps and primarily spreads itself through sideloading. To give you a quick recap, sideloading is the process of installing apps that are not from trusted sources like Google Play Store or Samsung Galaxy Store. The cybersecurity firm claims that ToxicPanda has already infected over 1,500 Android devices and 16 banks in countries like France, Italy, Portugal, Latin America and Spain to name a few. While the threat actors behind the malware are not known, the cybersecurity firm says that it could be the work of some China-based threat actors. In case you are wondering, some popular institutions targeted by the malware include Bank of Queensland, Citibank, Coinbase, PayPal, Tesco, and Airbnb. Apart from stealing user data, the malware also sends links to malware-infected apps via WhatsApp messages.
