ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
Nov. 6, 2024, 11:36 a.m.
Description
A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and on-device fraud. It can intercept OTPs, remotely control devices, and collect sensitive data. The malware uses AES encryption for C2 communication and has a sophisticated control panel. While less advanced than some trojans, ToxicPanda's expansion into new regions marks a significant shift in the threat landscape.
Tags
Date
- Created: Nov. 6, 2024, 11:19 a.m.
- Published: Nov. 6, 2024, 11:19 a.m.
- Modified: Nov. 6, 2024, 11:36 a.m.
Indicators
- mixcom.one
- mwscg.top
- kmpct.top
- fgta.lol
- freebasic.cn
- dpds.lol
- dksu.top
- dblxz.lol
- dbltest8.top
- dbltest.top
- dbltest6.top
- dblpap3.top
- dblpap2.top
- dblpap1.top
- ckysp.top
- cgtp.lol
- bnwu.lol
- atnp.lol
- 99spedmart.me
Attack Patterns
- ToxicPanda
- TgToxic
- ToxicPanda
Additional Informations
- Finance
- Hong Kong
- Portugal
- Spain
- Italy
- Peru
- France