In recent years, the rise of sophisticated mobile banking fraud has become a growing concern, with a surge in cyberattacks targeting financial institutions across multiple regions. One of the most alarming threats uncovered in late October 2024 is the emergence of a new Android-based banking Trojan campaign dubbed ToxicPanda identified by Cleafy’s Threat Intelligence team.
ToxicPanda is a type of banking Trojan that allows hackers to take control of a victim’s phone and steal money. The malware uses a method called On-Device Fraud (ODF), where the hacker can bypass bank security measures and carry out unauthorised transactions directly from the infected device.
The scope of the ToxicPanda attack is vast, with over 1,500 devices already infected across several countries, including Italy, Portugal, Spain, and Latin America. More than half of these compromised devices are based in Italy, underscoring the country’s significant exposure to this emerging threat. While the campaign initially targeted European banking institutions, the expansion into Latin America indicates a shift in the threat actors’ operational focus, further complicating efforts to contain the attacks.
While ToxicPanda shares some features with other known malware like TgToxic, it has key differences, suggesting it is a new and evolving threat. It also appears to be in early stages, with some commands still not fully functional.
What’s concerning is that the hackers behind the campaign are believed to be Chinese-speaking, which is unusual for cybercriminals targeting Europe and Latin America. This shift could mean a larger, more global reach for the attackers, making it harder for authorities to track and stop them.
As cyberattacks on financial systems increase worldwide, India remains a critical point of focus. With the rapid digitisation of banking services and a large mobile-first user base, India faces an increasing threat from sophisticated banking Trojan campaigns like ToxicPanda. Financial institutions should implement robust security protocols to prevent the infiltration of malicious malware, while consumers must stay educated on safe mobile practices to protect themselves from such threats.