A new banking trojan, known as ToxicPanda, is targeting Android devices in Europe and Latin America. The malware, developed by a Chinese hacker, can initiate money transfers, steal MFA codes, and capture sensitive information from compromised devices.
ToxicPanda is similar to an older piece of malware called TgToxic, but with some key differences. It’s often hidden in fake Chrome or Visa apps, distributed through third-party websites and social media channels. The malware has already infected over 1,500 Android devices, with the majority located in Italy, Portugal, Hong Kong, Spain, and Peru.
Researchers say the defense against such attacks remains simple: only download apps from vetted sources. To avoid falling victim to ToxicPanda or similar threats, users should be cautious when downloading apps from unofficial sources.
Source: https://www.techradar.com/pro/security/dangerous-android-banking-malware-looks-to-trick-victims-with-fake-money-transfers