ToxicPanda Android Banking Malware Infects Over 4,500 Devices in Europe

ToxicPanda, a sophisticated Android banking trojan, has infected over 4,500 mobile devices in Europe, representing a major malware campaign. It targets banking and digital wallet apps, using advanced overlay techniques to steal login credentials, PINs, and pattern locks.


Once installed, ToxicPanda grants attackers full control over compromised devices, allowing them to intercept two-factor authentication codes and initiate unauthorized transactions. Initially identified by Trend Micro in 2022, the malware expanded from Southeast Asia to Europe, with significant activity now concentrated in Portugal and Spain.


ToxicPanda employs advanced persistence techniques, abusing Android’s Accessibility Services to maintain control and evade removal. It disguises itself as “Google Chrome” and requests extensive permissions to access device functions. Complete removal requires specialized commands due to its self-protection mechanisms.
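The two traits described above, a "Google Chrome" label on a package that is not Chrome and an enabled accessibility service, can be checked together during device triage. The following is an added example, not code from the original article or from any vendor report. It assumes an app inventory of (package, label) pairs, for instance from an MDM export, and the raw output of `adb shell settings get secure enabled_accessibility_services`; the function names and sample data are hypothetical.

```python
# Package IDs under which Google publishes Chrome (stable, beta, dev, canary).
GENUINE_CHROME = {
    "com.android.chrome", "com.chrome.beta", "com.chrome.dev", "com.chrome.canary",
}

def accessibility_packages(raw):
    """Return the package names that own an enabled accessibility service.

    `raw` is the value of the secure setting enabled_accessibility_services:
    a colon-separated list of package/class components, or 'null' when unset.
    """
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return set()
    return {component.split("/", 1)[0] for component in raw.split(":") if component}

def triage(inventory, raw_services):
    """Flag apps whose label claims to be Chrome but whose package is not.

    Severity is 'high' when the impostor also holds an enabled accessibility
    service (the persistence path described above), otherwise 'medium'.
    """
    a11y = accessibility_packages(raw_services)
    findings = []
    for package, label in inventory:
        if "chrome" not in label.lower() or package in GENUINE_CHROME:
            continue
        severity = "high" if package in a11y else "medium"
        findings.append((severity, package, label))
    return sorted(findings)

# Constructed sample data; package names are placeholders, not indicators.
SAMPLE_INVENTORY = [
    ("com.android.chrome", "Chrome"),
    ("com.example.fakebrowser", "Google Chrome"),
    ("org.example.notes", "Notes"),
    ("com.example.chromeskin", "Chrome Themes"),
]
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebrowser/com.example.fakebrowser.Svc"
)

if __name__ == "__main__":
    for severity, package, label in triage(SAMPLE_INVENTORY, SAMPLE_SERVICES):
        print(f"{severity:6} {package} (label: {label!r})")
```

A "medium" finding still needs review, since a legitimate app can have "Chrome" in its label.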