← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ToxicPanda: The Android Banking Trojan Targeting Europe.
ToxicPanda is an evolving Android banking trojan that primarily targets banking and digital wallet credentials through sophisticated attack techniques. This malware is known for overlaying PINs and pattern codes, which allows cybercriminals to conduct unauthorized financial transactions directly from compromised devices. Initially identified in Southeast Asia in 2022, ToxicPanda has since shifted its focus to Europe, predominantly targeting Portugal and Spain as of early 2025, with a notable increase in installations, now affecting approximately 4,500 devices.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | aerodromeabase.com | — | 2025-07-30 | |
| domain | bentonwhite.com | — | 2025-07-30 | |
| domain | bplnetempresas.com | — | 2025-07-30 | |
| domain | chalnlizt.org | — | 2025-07-30 | |
| domain | check-googlle.com | — | 2025-07-30 | |
| domain | cihainlst.org | — | 2025-07-30 | |
| domain | comteste.com | — | 2025-07-30 | |
| domain | cuenta-ntflx.com | — | 2025-07-30 | |
| domain | d7472ad157.lol | — | 2025-07-30 | |
| domain | dogs-airdp.com | — | 2025-07-30 | |
| domain | euro-mago.com | — | 2025-07-30 | |
| domain | extensionphantomisyour.com | — | 2025-07-30 | |
| domain | frezorapp.io | — | 2025-07-30 | |
| domain | haleetemug.com | — | 2025-07-30 | |
| domain | infos-lieferung.com | — | 2025-07-30 | |
| domain | infos-versand.de | — | 2025-07-30 | |
| domain | io-suite-web.com | — | 2025-07-30 | |
| domain | ksicngtw.org | — | 2025-07-30 | |
| domain | manflle.com | — | 2025-07-30 | |
| domain | miner-tolken.com | — | 2025-07-30 | |
| domain | mktgads.com | — | 2025-07-30 | |
| domain | mondiale-relaissupport.com | — | 2025-07-30 | |
| domain | onsuitex.com | — | 2025-07-30 | |
| domain | phaimtom.com | — | 2025-07-30 | |
| domain | phanetom.com | — | 2025-07-30 | |
| domain | phantomisyourextension.com | — | 2025-07-30 | |
| domain | phanutom.com | — | 2025-07-30 | |
| domain | phaqwentom.com | — | 2025-07-30 | |
| domain | phatom-wa.com | — | 2025-07-30 | |
| domain | phatom-we.com | — | 2025-07-30 | |
| domain | phavtom-v1.com | — | 2025-07-30 | |
| domain | phavtom-v2.com | — | 2025-07-30 | |
| domain | phavtom-v3.com | — | 2025-07-30 | |
| domain | portalonline-simplespgme.online | — | 2025-07-30 | |
| domain | portalreceitafazenda.com | — | 2025-07-30 | |
| domain | private-lieferung.de | — | 2025-07-30 | |
| domain | roninachain.com | — | 2025-07-30 | |
| domain | ronnin-v2.com | — | 2025-07-30 | |
| domain | ronnin-v3.com | — | 2025-07-30 | |
| domain | ronnnn.com | — | 2025-07-30 | |
| domain | symbiatec-fi.com | — | 2025-07-30 | |
| domain | symbiatic-fi.com | — | 2025-07-30 | |
| domain | symbieitc.com | — | 2025-07-30 | |
| domain | symbietic.com | — | 2025-07-30 | |
| domain | symblatic.com | — | 2025-07-30 | |
| domain | symdlotic.com | — | 2025-07-30 | |
| domain | synbioltic.com | — | 2025-07-30 | |
| domain | tradr0ger.cloud | — | 2025-07-30 | |
| domain | trust-walles.com | — | 2025-07-30 | |
| domain | update-chronne.com | — | 2025-07-30 | |
| domain | v2-rubby.com | — | 2025-07-30 | |
| domain | v3-rabby.com | — | 2025-07-30 |