PULSE NAME
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
WHITE ToxicPanda AlienVault 2024-11-06 Modified: 2024-11-06
24 IOCs
MEDIUM VOLUME
A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and on-device fraud. It can intercept OTPs, remotely control devices, and collect sensitive data. The malware uses AES encryption for C2 communication and has a sophisticated control panel. While less advanced than some trojans, ToxicPanda's expansion into new regions marks a significant shift in the threat landscape.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
ToxicPanda, TgToxic
Indicators of Compromise (5 / 24 total)