Today > vulnerabilities   -   You can now download lists of IOCs here!

ToxicPanda: a new banking trojan from Asia hit Europe and LATAM

Nov. 6, 2024, 11:36 a.m.

Description

A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and on-device fraud. It can intercept OTPs, remotely control devices, and collect sensitive data. The malware uses AES encryption for C2 communication and has a sophisticated control panel. While less advanced than some trojans, ToxicPanda's expansion into new regions marks a significant shift in the threat landscape.

Date

Published: Nov. 6, 2024, 11:19 a.m.

Created: Nov. 6, 2024, 11:19 a.m.

Modified: Nov. 6, 2024, 11:36 a.m.

Indicators

mixcom.one

mwscg.top

kmpct.top

fgta.lol

freebasic.cn

dpds.lol

dksu.top

dblxz.lol

dbltest8.top

dbltest.top

dbltest6.top

dblpap3.top

dblpap2.top

dblpap1.top

ckysp.top

cgtp.lol

bnwu.lol

atnp.lol

99spedmart.me

Attack Patterns

ToxicPanda

TgToxic

ToxicPanda

Additional Informations

Finance

Hong Kong

Portugal

Spain

Italy

Peru

France