This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message

Green skull on smartphone screen.
(Image credit: Shutterstock)

Given how much sensitive personal and financial information is stored on the best Android phones, it’s no wonder that hackers continue to target them in their attacks.

Now though, a new version of an Android banking trojan has emerged that, in addition to stealing your passwords, funds from your banking and finance apps and your crypto, has gotten even better at avoiding detection.

As reported by Cybernews, what makes this new version of the TGToxic malware particularly dangerous is the fact that it can end up on your smartphone from a single malicious text. Likewise, while previous versions of this trojan were initially discovered in campaigns targeting Android users in Southeast Asia, its creators have updated it with new capabilities designed to target European and Latin American banking apps. Now, it’s just a matter of time before TGToxic spreads to the U.S. and other countries.

Here’s everything you need to know about this new malware campaign and how you can keep your devices and your data safe from banking trojans.

Constantly evolving

Malware

(Image credit: Shutterstock)

First discovered back in 2022, the TGToxic malware was first spread via phishing sites and compromised social media accounts. However, it has also been found lurking in malicious apps posing as dating, messaging and financial apps.

In October of last year though, the online fraud management firm Cleafy discovered a new strain of the TGToxic malware it dubbed ToxicPanda. After analyzing this new version, the company’s security researchers found that the malware was still under active development and that its creators were planning to expand beyond targeting users in Southeast Asia.

While this variant of TGToxic has since been discontinued, mobile malware researchers from Intel 471 found in November of last year that an updated version of the malware is currently making the rounds online.

What sets this new version apart is the fact that it has several tricks up its sleeve to help it and the cybercriminals behind it avoid detection. From using a domain generation algorithm (DGA) to create new command and control (C2) URLs (which are used to send stolen data back to hackers) to improved checks to make sure that the malware is running on an actual Android device rather than an analysis environment, TGToxic has evolved significantly since it was first discovered.

So how could this banking trojan end up on your phone? According to Intel 471’s blog post, the samples it analyzed were likely delivered via text messages, downloaded from phishing sites or bundled in malicious apps. Regardless of how it’s delivered, after installation, TGToxic scans your phone’s hardware and software before it gets to work collecting any saved passwords stored on your device. Likewise, it will also lie silent and wait for you to input credentials into your banking and finance apps in order to steal them.

Another way in which TGToxic hides on infected Android phones is by disguising itself as Google Chrome. The malware uses the same icon and name so that its targets will be less likely to try and remove it from their devices.

How to stay safe from Android malware

A hand holding a phone securely logging in

(Image credit: Google)

In order to prevent a banking trojan or other malware from ending up on your smartphone, you’re going to want to disable the “Allow from Unknown Sources” option in Android’s settings menu. This will prevent you from sideloading apps, but this isn’t something you should do anyway, as the APK files used to do so don’t go through the same rigorous security checks as apps on the Google Play Store do.

At the same time, I always recommend that people limit the number of apps they have installed on their devices overall. This makes it harder for malicious apps to hide in plain sight and even good apps can go bad if malicious code is injected into them through an update.

When it comes to malicious text messages and emails, you absolutely need to be careful where you click (or tap, in this case). Avoid opening any links or attachments that arrive in messages from unknown senders, but you also have to be extra cautious with ones sent from friends, family and coworkers, especially ones you haven’t spoken with in a long time. The reason for this is that once a hacker takes over someone’s account, they’ll often leverage that person’s contacts as a means to spread malware and send unsuspecting users to phishing sites.

As for staying safe from malware, most Android phones come with Google Play Protect pre-installed. This free security software scans all of the new apps you download for viruses as well as all of your existing apps. For extra protection though, you might want to install one of the best Android antivirus apps on your phone too.

Banking trojans are one of the most dangerous forms of malware due to just how much personal and financial data they’re able to steal from infected devices. This is why you want to avoid having your phone infected in the first place, and with the right safeguards in place and by practicing good cybersecurity habits, you absolutely can.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 