A new Android trojan called ToxicPanda has been discovered targeting bank accounts by spoofing popular apps. The malware, identified by Cleafy’s Threat Intelligence team, has infected over 1,500 devices worldwide, mainly in Europe and Latin America.
ToxicPanda uses advanced methods to bypass security measures and make unauthorized withdrawals from the target account. It can intercept one-time passwords, exploit Android’s accessibility services, and grant itself elevated permissions. The malware spreads through sideloading, often using fake app pages to lure users into downloading it.
Protecting against ToxicPanda involves avoiding sideloading, downloading from trusted sources, and keeping devices up to date. Users should also watch their bank accounts closely and ignore installation prompts outside of the Google Play Store or Galaxy Store.
Banks can protect their clients’ accounts by reinforcing behavioral detection software, incorporating passkeys, and implementing multi-factor authentication safeguards. As digital threats evolve, it’s essential for users to remain vigilant and prioritize security measures to safeguard their data and money.
Source: https://www.androidpolice.com/toxicpanda-trojan