ToxicPanda allows criminals to extract money from your bank account using your cell phone. More than 1,500 cell phones have already been infected.
The virus begins by installing itself on the phones of those who download fake apps. These can appear on social networks or in unofficial app stores, posing as the real thing. Those who install them think they are downloading the original version.
On Android devices, ToxicPanda even manages to abuse accessibility services and manipulate access permissions. As well as being able to collect information, the virus is also able to remotely control the infected device.
And this is how criminals manage to make bank transfers without the user realizing it, taking money from the bank account that the user usually accesses through the bank’s app.
According to JN, ToxicPanda can also intercept single-use passwords sent by SMS or generated with authenticator applications, which allows it to bypass the protections of two-factor authentication and carry out these fraudulent transactions.
According to a report by Cleafy Intelligence, more than 1,500 devices have already been affected, particularly in Europe and South America. Italy is the country most affected by ToxicPanda (56.8%). Portugal follows in second place, with 18.7% of attacks, ahead of Spain, France and Peru.
According to the research carried out by Cleafy Intelligence, the malware is still being updated (some of its features are not yet in place) and is believed to originate from Asia, probably China.
Cleafy’s Threat Intelligence report also points out that it is unusual for malware operations originating in Asia to target Europe or Latin America, which could mean that these threat actors are expanding their operations.