The ‘ToxicPanda’ malware has already infected around 1,500 Android devices worldwide. According to Cleafy researchers, the cybercriminals behind it are Chinese, and the attacks have begun to reach Latin America.
Aimed at carrying out fraudulent banking transactions from infected Android smartphones and tablets, ‘ToxicPanda’ has so far hit Italy, Portugal, Hong Kong and Spain. However, around 3.4% of infections occurred in Peru, which brings the malware closer to Brazil and points to a possible campaign in Latin America in the near future.
Michele Roviello, Alessandro Strino and Federico Valentini told The Hacker News (THN) that ToxicPanda’s “main objective is to carry out monetary transfers through compromised devices via ATO (account takeover) and a well-known technique called on-device fraud (ODF)”.
ODF is the tactic of initiating the fraudulent transactions from the infected device itself, so they appear to come from the legitimate customer – which makes them difficult for banks’ security teams, for example, to detect.
The researchers also comment that they found similarities between ToxicPanda and another known Android malware: TgToxic. The latter, also allegedly developed by the Chinese, has the ability to steal credentials from crypto wallets.
One thousand five hundred affected devices may seem like a low number – and, indeed, it still is. However, the research indicates that the campaign is in its early stages.
Victims
How it works
ToxicPanda impersonates applications such as Google Chrome, Visa and others. The modus operandi is the same as for any malware of this type: it presents fake pages mimicking the apps in question in order to deceive and rob the victim.
It also abuses Android’s accessibility services to grant itself permissions, manipulate user input, intercept one-time passwords (OTPs) delivered via SMS or 2FA and carry out transactions. In the end, the cybercriminals have complete control over what happens on the device.
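Because accessibility-service abuse is the pivot for this kind of banking trojan, a useful defender check is to review which accessibility services are enabled on a device. The script below is an added example, not code from the article or from Cleafy: it parses the value that `adb shell settings get secure enabled_accessibility_services` returns (a colon-separated list of `package/ServiceClass` components) and flags any component that is not on an approved allowlist. The allowlist and the sample device output are constructed for illustration.

```python
# Added example: triage the Android "enabled_accessibility_services" setting,
# which ToxicPanda-style banking trojans abuse to read and control the screen.
# Real value on a device:  adb shell settings get secure enabled_accessibility_services
# Format: "pkg/ServiceClass:pkg2/ServiceClass2" (colon separated; "null" if none).
from __future__ import annotations

# Hypothetical allowlist of accessibility services an organisation has approved.
# Exact component names are used rather than package prefixes, because package
# names are attacker-chosen and often imitate trusted vendors.
APPROVED_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the raw settings value into (package, fully qualified service class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs: list[tuple[str, str]] = []
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # malformed entry, skip it
        pkg, svc = entry.split("/", 1)
        if svc.startswith("."):
            svc = pkg + svc  # Android shorthand: "pkg/.Svc" means "pkg/pkg.Svc"
        pairs.append((pkg, svc))
    return pairs


def flag_suspicious(raw: str) -> list[str]:
    """Return every enabled accessibility component that is not on the allowlist."""
    suspicious = []
    for pkg, svc in parse_enabled_services(raw):
        component = f"{pkg}/{svc}"
        if component not in APPROVED_SERVICES:
            suspicious.append(component)
    return suspicious


# Constructed sample output: TalkBack plus a made-up sideloaded app posing as a browser update.
SAMPLE_OUTPUT = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.chrome.update.fake/.AccessService"
)

if __name__ == "__main__":
    for component in flag_suspicious(SAMPLE_OUTPUT):
        print("review:", component)
```

On a real device the flagged component should be checked against the app’s installer source and, for a banking trojan, disabling the service and uninstalling the app is the first containment step.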
The Cleafy researchers managed to gain visibility into ToxicPanda’s command-and-control (C2) panel. There, it is possible to follow infection graphs, device model details, location and so on. See:
Dashboard (The Hacker News)
The importance of antivirus
In addition to basic steps such as “don’t download apps from outside your device’s official store”, it is very important to keep an antivirus app active. To protect your system against ToxicPanda, it is essential to keep your antivirus up to date. Here are some practical steps to strengthen your device’s security:
- Keep your antivirus up to date: Configure your antivirus to update automatically, preferably daily. This ensures that new virus definitions are applied against emerging threats, including ToxicPanda.
- Scan your system regularly: Perform a full system scan weekly. Quick scans are fine for day-to-day use, but a full scan helps identify hidden threats that would otherwise be overlooked.
- Avoid downloads from unreliable sources: ToxicPanda can spread through suspicious downloads. Only download files and programs from official, well-known sites. If you need to download from another source, scan the file before running it.
- Update your operating system: In addition to antivirus software, keeping your operating system up to date closes security holes that malware like ToxicPanda can exploit.
- Don’t click on suspicious links: The malware can be spread by fraudulent emails or infected links on websites. Avoid clicking on links or attachments that look suspicious or come from unknown senders.
- Be wary of emails with apparently attractive promotions: Phishing is a common technique for spreading malware. Watch out for emails with attractive offers or urgent messages, and do not download anything from them without verification.
- Consider a trusted antivirus with an active firewall: An antivirus with a built-in firewall can help block suspicious activity that tries to reach your network or system data.
- Perform regular backups: Keep up-to-date backups of your files on an external device or in the cloud, so you are protected if the malware compromises your system.
By following these guidelines, you increase your device’s security against ToxicPanda and other digital threats.