Given the amount of sensitive personal and financial information on the best Android phones, it is not surprising that hackers continue to target them in their attacks.
Now, however, a new version of an Android banking trojan has emerged that, in addition to stealing your passwords, funds from your banking and finance applications and your crypto, has become even better at avoiding detection.
As reported by Cybernews, what makes this new version of the TgToxic malware particularly dangerous is the fact that it can end up on your smartphone from a single malicious text message. Likewise, while previous versions of this trojan were initially discovered in campaigns targeting Android users in Southeast Asia, its creators have updated it with new capabilities designed to target European and Latin American banking applications. Now it is only a matter of time before TgToxic spreads to the United States and other countries.
Here is everything you need to know about this new malware campaign and how you can keep your devices and your data safe from banking trojans.
Evolving constantly
First discovered in 2022, the TgToxic malware was initially spread via phishing sites and compromised social media accounts. However, it was also found hidden in malicious applications that posed as meeting, messaging and financial applications.
In October of last year, however, the online fraud management company Cleafy discovered a new strain of the TgToxic malware, which it nicknamed ToxicPanda. After analyzing this new version, the company's security researchers found that the malware was still under active development and that its creators planned to expand beyond targeting users in Southeast Asia.
Although this variant of TgToxic has since been discontinued, mobile malware researchers at Intel 471 found in November of last year that an updated version of the malware is currently circulating online.
What distinguishes this new version is that it has several tricks up its sleeve to help it, and the cybercriminals behind it, avoid detection. Its use of a domain generation algorithm (DGA) to create new command and control (C2) URLs (which are used to send stolen data back to the hackers) has improved significantly since it was first discovered.
So how could this banking trojan end up on your phone? According to Intel 471's blog, the samples it analyzed were probably downloaded from phishing sites or delivered via malicious applications. Whichever way it is delivered, after installation TgToxic scans your phone's hardware and software before it gets to work on the saved passwords stored on your device. Likewise, it will also lie in wait silently for you to enter your credentials in your banking and financial applications in order to steal them.
Another way that TgToxic hides on infected Android phones is by disguising itself as Google Chrome. The malware uses the same icon and the same name so that its targets are less likely to try to delete it from their devices.
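A defensive check for the Chrome disguise described above, as an added example that is not from the original article or from Intel 471: it flags apps in a device inventory whose display name matches Chrome but whose package name is not Chrome's. The inventory format, the sample entries and the function names are assumptions made for illustration.

```python
import unicodedata

# Labels to protect, mapped to the only package names allowed to carry them.
# com.android.chrome is Google Chrome's real package name; extend for other apps.
PROTECTED_LABELS = {
    "chrome": {"com.android.chrome"},
    "google chrome": {"com.android.chrome"},
}
PLAY_STORE = "com.android.vending"  # installer package name of Google Play


def normalize(label):
    """Fold case, compatibility forms, invisible characters and extra spaces."""
    text = unicodedata.normalize("NFKC", label)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return " ".join(text.casefold().split())


def find_impersonators(inventory):
    """Return (package, reasons) for apps that borrow a protected label."""
    findings = []
    for app in inventory:
        allowed = PROTECTED_LABELS.get(normalize(app["label"]))
        if allowed is None or app["package"] in allowed:
            continue  # unrelated app, or the genuine one
        reasons = ["label matches a protected app but package name differs"]
        if not app.get("system") and app.get("installer") != PLAY_STORE:
            reasons.append("not installed from Google Play")
        findings.append((app["package"], reasons))
    return findings


# Constructed sample inventory (hypothetical format, e.g. an MDM export).
# Package names other than com.android.chrome are made up for illustration.
SAMPLE_INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome",
     "installer": None, "system": True},
    {"label": "Chrome", "package": "com.example.fakebrowser",
     "installer": None, "system": False},
    {"label": "Google\u200b Chrome", "package": "org.example.updater",
     "installer": "com.android.vending", "system": False},
    {"label": "Notes", "package": "com.example.notes",
     "installer": "com.android.vending", "system": False},
]

if __name__ == "__main__":
    for package, reasons in find_impersonators(SAMPLE_INVENTORY):
        print(package, "->", "; ".join(reasons))
```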
How to stay away from Android malware
In order to prevent a banking trojan or other malicious software from ending up on your smartphone, you will want to deactivate the option “Authorize from unknown sources” in the Android settings menu. This will prevent you from sideloading applications, but that is not something you should do anyway, as the APK files used to do so do not go through the same rigorous security checks as applications on the Google Play Store.
At the same time, I always recommend that people limit the number of applications they have installed on their devices overall. This makes it more difficult for malicious applications to hide in plain sight, and even good applications can go bad if malicious code is injected into them through an update.
Regarding malicious text messages and emails, you must be careful about what you click (or tap, in this case). Avoid opening links or attachments that arrive in messages from unknown senders, but you must also be very careful with those sent by friends, family and colleagues, especially those you have not talked to for a long time. The reason is that once a hacker takes over someone's account, they will often use its contacts as a means of spreading malware and sending unsuspecting users to phishing sites.
As for staying safe from malware, most Android phones come with Google Play Protect preinstalled. This free security software scans all the new applications that you download for viruses, as well as all your existing applications. For additional protection, however, you may want to install one of the best Android antivirus applications on your phone.
Banking trojans are among the most dangerous malware because of the amount of personal and financial data they are able to steal from infected devices. This is why you want to prevent your phone from being infected in the first place, and with the right safeguards in place and by practicing good cybersecurity habits, you absolutely can.