Malware, Threat Intelligence

Novel ToxicPanda Android banking trojan used in global attacks


Attacks with the newly emergent ToxicPanda Android banking trojan have compromised more than 1,500 Android devices around the world, with Italy, Portugal, Hong Kong, Spain, and Peru accounting for most of the infections, The Hacker News reports.

ToxicPanda impersonates widely used apps, including Google Chrome and Visa. Once installed, it aims for privilege escalation, user input modification, and one-time password compromise to facilitate on-device fraud involving unauthorized money transfers, according to a report from Cleafy. Further examination of ToxicPanda, which is suspected to be Chinese-developed, revealed similarities with the TgToxic Android malware. "ToxicPanda needs to demonstrate more advanced and unique capabilities that would complicate its analysis. However, artifacts such as logging information, dead code, and debugging files suggest that the malware may either be in its early stages of development or undergoing extensive code refactoring—particularly given its similarities with TGToxic," Cleafy researchers said.
