Stratos Ally

ToxicPanda Botnet: A Serious Risk to Banks in Europe and Latin America  


StratosAlly


A silent cyber menace is on the loose, leaving a trail of compromised bank accounts and shaken customers across Europe and Latin America. Known as ToxicPanda, this powerful malware has already compromised more than 1,500 devices in Italy, Portugal, Spain, and several Latin American countries, striking at the heart of at least 16 financial institutions. With the ability to bypass security measures and access personal accounts undetected, ToxicPanda threatens not only the safety of individual finances but the stability of an entire region's digital banking landscape.

What makes ToxicPanda especially dangerous is its ability to bypass traditional banking security measures, allowing attackers to initiate unauthorized money transfers. This is done through “On-Device Fraud” (ODF), a technique where attackers remotely take control of a victim’s device and conduct transactions as if they were the actual user. Imagine someone controlling your phone remotely to access your banking app and initiate transfers without your knowledge; this is exactly what ODF enables.  

ToxicPanda's functionality hinges on its abuse of Android's accessibility services. Once installed, the malware can escalate its permissions, monitor app data, and capture One-Time Passwords (OTPs) delivered through SMS or authenticator apps. These capabilities defeat Multi-Factor Authentication (MFA) safeguards, which are normally added as a second layer of security, and show that even OTP protection cannot guarantee 100% protection against threat actors.
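The two paragraphs above describe the defender's problem in one sentence: a third-party accessibility service, once enabled, can read what is on screen (including OTPs) and drive the banking app as if it were the user. The snippet below is an added example written for this article, not code from Stratos Ally or from any analysis of ToxicPanda, showing the two controls a banking app can apply before it shows an OTP or confirms a transfer: enumerate the enabled accessibility services that are neither system components nor on a vetted allowlist, and keep the OTP field out of the accessibility tree on Android 14+ while blocking screen capture. The package name, the `AccessibilityAbuseGuard` class, and the allowlist contents are assumptions; only the Android framework calls are real.

```java
// Added example (not Stratos Ally's code and not ToxicPanda-related code):
// a defensive check a banking app can run before showing a transfer or OTP
// screen. Assumptions: runs inside an Activity; the allowlist below is a
// constructed placeholder a bank would normally manage server-side.
package com.example.bankapp.defense; // hypothetical package name

import android.accessibilityservice.AccessibilityServiceInfo;
import android.app.Activity;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.view.View;
import android.view.WindowManager;
import android.view.accessibility.AccessibilityManager;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public final class AccessibilityAbuseGuard {

    // Constructed allowlist: services the bank has vetted, e.g. the platform
    // screen reader. Anything else that is not a system app is a risk signal.
    private static final Set<String> TRUSTED_SERVICE_PACKAGES = new HashSet<>(Arrays.asList(
            "com.google.android.marvin.talkback"   // TalkBack screen reader
    ));

    private AccessibilityAbuseGuard() {}

    /**
     * Returns the package names of enabled accessibility services that are
     * neither part of the system image nor on the trusted allowlist.
     * An empty list means no untrusted service can currently read the screen.
     */
    public static List<String> untrustedEnabledServices(Context ctx) {
        List<String> suspicious = new ArrayList<>();
        AccessibilityManager am =
                (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        if (am == null) return suspicious;
        PackageManager pm = ctx.getPackageManager();
        for (AccessibilityServiceInfo info :
                am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)) {
            if (info.getResolveInfo() == null) continue;
            String pkg = info.getResolveInfo().serviceInfo.packageName;
            if (TRUSTED_SERVICE_PACKAGES.contains(pkg)) continue;
            try {
                ApplicationInfo ai = pm.getApplicationInfo(pkg, 0);
                boolean systemApp = (ai.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
                if (!systemApp) suspicious.add(pkg);
            } catch (PackageManager.NameNotFoundException e) {
                // A service whose package cannot be resolved is treated as untrusted.
                suspicious.add(pkg);
            }
        }
        return suspicious;
    }

    /**
     * Hardens the screen that displays an OTP or confirms a transfer.
     * FLAG_SECURE blocks screenshots and screen recording of this window;
     * ACCESSIBILITY_DATA_SENSITIVE_YES (Android 14+) hides the OTP view from
     * accessibility services that are not declared accessibility tools.
     */
    public static void hardenSensitiveScreen(Activity activity, View otpField) {
        activity.getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            otpField.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES);
        }
    }
}
```

A non-empty result from `untrustedEnabledServices` should be treated as a risk signal that feeds the bank's transaction risk engine (for example, requiring an out-of-band confirmation for the transfer), not as grounds to silently block the app: accessibility services are used legitimately by many customers, and the check runs on a device the attacker may already control, so it complements rather than replaces server-side fraud detection.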

Additionally, it employs code obfuscation to evade detection, making it hard for many antivirus solutions to catch it in real time. This challenge underlines a growing issue in mobile security: how can threats like ToxicPanda bypass so many defenses?

Google has rolled out patches for Android vulnerabilities (CVE-2024-43047 and CVE-2024-43093) that attackers could exploit, but the battle against threats like ToxicPanda is not over yet. This malware's growth shows how Chinese-speaking cybercrime groups are changing and growing, pushing past their usual stomping grounds into new, money-making areas.
