ToxicPanda lets attackers withdraw money from a victim's bank account through the victim's cell phone. More than 1500 cell phones have already been infected.
The virus begins by installing itself on the cell phones of people who download fake applications. These may appear on social networks or in unofficial app stores, posing as the real thing. Anyone who installs them believes they are downloading the original version.
On Android devices, ToxicPanda is even able to change accessibility services and manipulate access permissions. In addition to collecting information, the virus can also remotely control the infected device.
This is how criminals are able to make bank transfers without the user noticing, extracting money from the bank accounts that users, as a rule, have in their banking application.
According to , ToxicPanda can also intercept one-time passwords sent via SMS or generated by authenticator applications, which allows the attackers to bypass two-factor authentication protections and carry out these fraudulent transactions.
According to a report from , more than 1500 devices have already been affected, particularly in Europe and South America. Italy is the country hardest hit by ToxicPanda (56.8%). Portugal follows in second place, with 18.7% of attacks, ahead of Spain, France and Peru.
According to the investigation carried out by Cleafy Intelligence, the malware is still being updated (some features are not yet implemented) and is believed to originate in Asia, probably China.
Cleafy’s Threat Intelligence report also highlights that it is uncommon for malware operations originating in Asia to target Europe or Latin America, which could mean that these actors are expanding their operations.