"ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini said in a Monday analysis.
"It aims to bypass bank countermeasures used to enforce users' identity verification and authentication, combined with behavioral detection techniques applied by banks to identify suspicious money transfers."
"While it shares some bot command similarities with the TgToxic family, the code diverges considerably from its original source," the researchers said. "Many capabilities characteristic of TgToxic are notably absent, and some commands appear as new additions."
A majority of the compromises have been reported in Italy (56.8%), followed by Portugal (18.7%), Hong Kong (4.6%), Spain (3.9%), and Peru (3.4%), marking a rare instance of a Chinese threat actor orchestrating a fraudulent scheme to target retail banking users in Europe and Latin America.