ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
Nov. 6, 2024, 11:36 a.m.
Description
A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and on-device fraud. It can intercept OTPs, remotely control devices, and collect sensitive data. The malware uses AES encryption for C2 communication and has a sophisticated control panel. While less advanced than some trojans, ToxicPanda's expansion into new regions marks a significant shift in the threat landscape.
Date
Published: Nov. 6, 2024, 11:19 a.m.
Created: Nov. 6, 2024, 11:19 a.m.
Modified: Nov. 6, 2024, 11:36 a.m.
Indicators
Attack Patterns
ToxicPanda
TgToxic
Additional Information
Finance
Hong Kong
Portugal
Spain
Italy
Peru
France