ToxicPanda is a new threat for Android phones and your bank accounts, here is how you can be safe

A new malware named ToxicPanda is posing a significant threat to Android users by targeting their bank accounts. Disguised as trusted apps, this trojan is spreading globally, making it imperative for users to exercise caution while surfing online.

by · India Today

In Short

  • Cyber security researchers warn about new trojan malware
  • This new malware is targeting Android phones and banking apps
  • Named ToxicPanda, it has already infected over 1,500 devices

A new malware is currently spreading globally, putting Android users and their bank accounts at risk. Dubbed ToxicPanda, this sophisticated trojan malware reportedly spreads across countries by disguising itself as popular apps like Google Chrome and banking apps. According to cybersecurity firm Cleafy’s Threat Intelligence team, over 1,500 devices have already been compromised across Europe and Latin America by ToxicPanda.

According to the researchers, ToxicPanda is a financial-focused trojan derived from an earlier malware family known as TgToxic. This new variant is highly specialised, designed to bypass even standard banking security measures and enable unauthorised withdrawals directly from users' accounts.

The primary goal of cybercriminals using this trojan is to commit financial fraud by abusing Android's accessibility features to intercept one-time passwords, and by gaining permissions to manipulate higher-level device functions. What makes this particularly serious is that the malware’s capabilities give attackers remote access, enabling control of infected devices from anywhere around the globe.

Researchers note that what makes ToxicPanda more dangerous is that it disguises itself as trusted applications, such as Google Chrome or popular banking apps, deceiving users and bypassing bank security checks. Victims often remain unaware that their device is compromised until they notice unauthorised transactions on their bank statements.

"ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a technique known as on-device fraud (ODF)," Cleafy researchers reported via Hacker News.

The report further reveals that, to date, hundreds of users have already come into contact with this trojan, and the majority of these victims are reported from countries like Italy (56.8 per cent), followed by Portugal (18.7 per cent), Hong Kong (4.6 per cent), Spain (3.9 per cent), and Peru (3.4 per cent).

How does ToxicPanda infect smartphones?

Researchers explain that ToxicPanda primarily spreads through sideloading—when users download and install apps from sources outside official app stores like Google Play or the Galaxy Store. Cybercriminals set up convincing fake app pages to trick users into downloading the malware. Although not available on major app stores, the malware is reportedly still under active development.

While the identities of ToxicPanda's creators remain uncertain, Cleafy’s analysis suggests it likely originates in China, possibly Hong Kong.

How to protect yourself from ToxicPanda

To protect your Android device and sensitive financial information, vigilance and precaution are crucial. Here are a few safety tips to follow:
  • Download apps only from official sources like the Google Play Store or Galaxy Store. Sideloading from unofficial third-party sites greatly increases your risk of malware exposure.
  • Regularly update your software as companies release updates with critical security patches to guard against evolving threats. Ensure your device’s operating system and apps are up-to-date.
  • Monitor your account activity closely. Set up alerts for suspicious transactions so you’re immediately informed of any unauthorised activity.
  • Ignore installation prompts while browsing or using apps not from an official store. Such prompts often signal malware trying to install itself on your device.
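
For readers comfortable with Android's developer tools, the two risk factors described above (sideloaded apps and accessibility access) can be checked on a device. The Python code below is an added example, not from Cleafy or the original report: it parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and flags apps that did not come from an official store, in particular those with an accessibility service enabled. The set of official installer package names and all sample package names are assumptions made for this example.

```python
import re

# Installer package names treated as official stores (assumption of this example):
# Google Play Store and Samsung Galaxy Store.
OFFICIAL_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer from `adb shell pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def parse_accessibility(setting_value):
    """Package names from `adb shell settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    # Entries are colon-separated "package/service.Class" components.
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def audit(pm_output, setting_value):
    """Return (sideloaded, high_risk): apps not installed by an official store,
    and the subset of those holding an enabled accessibility service."""
    installers = parse_installers(pm_output)
    sideloaded = sorted(p for p, i in installers.items() if i not in OFFICIAL_INSTALLERS)
    a11y = parse_accessibility(setting_value)
    high_risk = [p for p in sideloaded if p in a11y]
    return sideloaded, high_risk


# Constructed sample output; the package names below are made up for illustration.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.wallpaper  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.sec.android.app.samsungapps
"""
SAMPLE_A11Y = "com.example.fakebrowser/com.example.fakebrowser.Svc:com.example.notes/.Reader\n"

if __name__ == "__main__":
    sideloaded, high_risk = audit(SAMPLE_PM, SAMPLE_A11Y)
    print("Sideloaded:", sideloaded)
    print("Sideloaded with accessibility service enabled:", high_risk)
```

A sideloaded app is not necessarily malicious, but one that also holds an accessibility service deserves a close look and, if unrecognised, removal.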