New Android Malware Spreads Globally, Targets Financial Apps and Users

A sophisticated new malware campaign has been discovered that specifically targets Android devices to steal money from users. The malware, dubbed TgToxic, disguises itself as legitimate software to gain the trust of users. Once installed, it silently lurks in the background, waiting for users to enter their online banking credentials.

First detected in 2022, TgToxic primarily targeted Southeast Asian mobile users via phishing sites and compromised social media accounts. However, its operators have since improved their toolset to extend their attacks to devices globally. European and Latin American banks are now included in the list of applications targeted by the trojan.

Researchers say that the attackers’ shift in tactics suggests a calculated attempt to reach new markets and demographic groups beyond their original targets in Southeast Asia. The malware now uses domain generation algorithms (DGAs) to obtain command-and-control (C2) URLs, making it harder for cybersecurity specialists to disrupt malicious communication between devices and attacker-controlled servers.

The Android trojan takes over devices through links in phishing SMS messages and evaluates each device’s hardware and system capabilities to detect virtual environments. It then poses as the Google Chrome application and uses DGAs to connect to C2 servers, with communications encrypted in HTTPS requests over port 443.

To protect your Android device from trojan malware, experts recommend:

– Installing applications from official app stores
– Disabling “Allow from Unknown Sources” in settings
– Monitoring app permissions and being cautious of unusual requests
– Using mobile device management software for corporate security
– Deploying indicators of compromise to detect potential threats
– Providing regular cybersecurity training for employees

As Android users face rising risks from Trojan malware, it’s essential to stay vigilant and take proactive measures to secure your devices.

Source: https://cybernews.com/security/android-trojan-phishing