ToxicPanda: a new banking trojan from Asia hit Europe and LATAM

Nov. 6, 2024, 11:36 a.m.

Description

A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and on-device fraud. It can intercept OTPs, remotely control devices, and collect sensitive data. The malware uses AES encryption for C2 communication and has a sophisticated control panel. While less advanced than some trojans, ToxicPanda's expansion into new regions marks a significant shift in the threat landscape.

External References

https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://otx.alienvault.com/pulse/672b50c9a46bdbb1f1ddfb2c
Tags
android
banking trojan
aes encryption
c2 infrastructure
chinese threat actors
2024-11-06
tgtoxic
latin america
on-device fraud
toxicpanda
accessibility abuse
europe

Date

  • Created: Nov. 6, 2024, 11:19 a.m.
  • Published: Nov. 6, 2024, 11:19 a.m.
  • Modified: Nov. 6, 2024, 11:36 a.m.

Indicators

  • mixcom.one
  • mwscg.top
  • kmpct.top
  • fgta.lol
  • freebasic.cn
  • dpds.lol
  • dksu.top
  • dblxz.lol
  • dbltest8.top
  • dbltest.top
  • dbltest6.top
  • dblpap3.top
  • dblpap2.top
  • dblpap1.top
  • ckysp.top
  • cgtp.lol
  • bnwu.lol
  • atnp.lol
  • 99spedmart.me
Download all indicators here!

Attack Patterns

  • ToxicPanda
  • TgToxic
  • ToxicPanda

Additional Informations

  • Finance
  • Hong Kong
  • Portugal
  • Spain
  • Italy
  • Peru
  • France