If you’re an Android phone user, beware! A new malware called ToxicPanda is surfacing online. It is spreading rapidly worldwide and affecting Android users. The malware is disguised as trusted apps. Cybersecurity firm Cleafy reported that over 1,500 devices across Europe and Latin America have already been compromised by this malware. Countries most affected include Italy, with 56.8% of reported cases, followed by Portugal (18.7%), Hong Kong (4.6%), Spain (3.9%), and Peru (3.4%).
ToxicPanda primarily spreads through sideloading, which is when users install apps from outside authorised app stores. The malware infiltrates devices by mimicking popular apps like Google Chrome and various banking apps. Users think that these apps are legitimate and download them. Once installed, the malware gains access to sensitive information and even bypasses standard banking security measures. According to Cleafy’s Threat Intelligence team, this malware intercepts OTPs and manipulates high-level device functions through Android’s accessibility features. After that, attackers can remotely control infected devices and initiate unauthorised transactions.
This malware originates from an earlier malware family known as TgToxic. ToxicPanda is designed for financial fraud. Cybercriminals exploit on-device fraud (ODF) techniques to initiate money transfers from compromised devices through account takeovers (ATO). What this means is that victims won’t even find out about this until they check their account activity.
To protect yourself from ToxicPanda, follow these tips:
• Download apps only from official sources like the Google Play Store.
• Update your software regularly.
• Monitor your account activity and set up alerts for suspicious transactions.
• Avoid downloading apps from random links.
Stay safe and vigilant and make sure that you keep monitoring your device for such activities.
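For readers who manage devices over adb, the following added example (not from Cleafy's report or the original article) flags the combination described above: an app installed from outside a trusted store that also holds an enabled accessibility service. It assumes you have captured the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`; the trusted-installer set and all sample package names are constructed for illustration.

```python
import re

# Installers treated as trusted stores (assumption; extend for your own fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Expected line shape: "package:<name>  installer=<installer or null>"
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_installers(pm_output):
    """Map third-party package name -> installer (None when unknown)."""
    installers = {}
    for line in pm_output.splitlines():
        match = PKG_LINE.match(line.strip())
        if match:
            installer = match.group("installer")
            installers[match.group("pkg")] = None if installer == "null" else installer
    return installers


def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    # The setting is a ':'-separated list of "package/service" components.
    return {component.split("/", 1)[0] for component in value.split(":") if component}


def risky_packages(pm_output, setting_value):
    """Sideloaded third-party apps that also have accessibility enabled."""
    installers = parse_installers(pm_output)
    enabled = parse_accessibility(setting_value)
    return sorted(
        pkg for pkg in enabled
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )


# Constructed sample data, not taken from a real device or from the report.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.browser.update  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = (
    "com.example.browser.update/com.example.browser.update.Svc:"
    "com.example.reader/.ReaderService"
)

if __name__ == "__main__":
    for pkg in risky_packages(SAMPLE_PM, SAMPLE_A11Y):
        print("review:", pkg)
```

A hit is a prompt for review, not proof of infection: legitimate sideloaded accessibility tools will also appear.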