Upwardly Mobile - API & App Security News

TgToxic Android Trojan: A Masterclass in Banking Malware

Episode Notes: In this episode of Upwardly Mobile, we dive deep into the world of Android banking trojans, focusing on the rising threats of ToxicPanda and TgToxic. These sophisticated pieces of malware target mobile users across the globe, aiming to steal credentials, cryptocurrency, and funds from banking and finance apps [1, 2]. We explore how these trojans operate, how they have evolved, and, most importantly, how you can protect yourself [3, 4].

Key Discussion Points:
  • The Threat Landscape: Understanding the basics of mobile banking trojans and their increasing prevalence [2, 5].
  • ToxicPanda: Discover the tactics used by this relatively new trojan, including social engineering and on-device fraud to bypass security features like two-factor authentication [6].
  • TgToxic: Uncover the advanced anti-analysis techniques used by TgToxic, including code obfuscation, payload encryption, and dynamic command-and-control (C2) strategies [7-9].
  • Geographical Targets: Identifying the regions most affected by these threats, including Europe, Latin America, and Southeast Asia [10-12].
  • Technical Analysis: Examining how TgToxic abuses legitimate automation frameworks like Easyclick to hijack user interfaces and automate malicious activities [13, 14].
  • Defence Strategy: Practical steps you can take to protect your Android devices from these banking trojans, including disabling the "Unknown sources" setting (on current Android versions, the per-app "Install unknown apps" permission), being wary of suspicious emails and links, and monitoring app permissions [3, 4].
  • The Role of Social Engineering: Recognising how social engineering remains a primary method for distributing malware and how to avoid falling victim to these attacks [10].
  • Real-World Impact: Understanding the potential financial losses and the importance of staying informed about emerging cyber threats [10].
  • C2 (Command and Control) Strategies: Understanding the dynamic C2 strategies used by TgToxic, including domain generation algorithms (DGA) and dead drop locations [7, 15].
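The defence bullet above lists steps to take on the device. The script below, added here as an example and not code from the podcast or from Approov, turns two of them into a check you can run over adb: it flags third-party packages that were not installed by the Play Store (a sideloaded APK is how these trojans typically arrive) and lists enabled accessibility services other than the stock TalkBack, since Android banking trojans, TgToxic included, need that permission to read and drive the screen. It parses the output of the standard `pm list packages -3 -i` and `settings get secure enabled_accessibility_services` commands; the package names in the offline demo are constructed, and the trusted-installer and known-service allowlists are assumptions you should extend for your own device (OEM app stores, screen readers you actually use).

```shell
#!/bin/sh
# Added example, not code from the podcast or from Approov. Device-hygiene
# checks for the conditions the defence bullet warns about: sideloaded apps
# and enabled accessibility services. Parses the output of the standard
# Android commands "pm list packages -3 -i" and
# "settings get secure enabled_accessibility_services".
# Run "sh triage.sh --live" with a device attached in USB debugging mode.

# Assumption: only the Play Store is a trusted installer. Add your OEM store
# package if you use one.
TRUSTED_INSTALLERS="com.android.vending"

# Assumption: TalkBack is the only accessibility service you expect to be on.
KNOWN_A11Y="com.google.android.marvin.talkback"

# stdin:  lines like "package:com.foo.bar  installer=com.android.vending"
#         (installer=null means a manually sideloaded APK)
# stdout: "pkg installer=X" for every package not installed by a trusted store
flag_sideloaded() {
    while IFS= read -r line; do
        case "$line" in package:*) ;; *) continue ;; esac
        pkg=${line#package:}
        pkg=${pkg%%[[:space:]]*}
        inst=${line##*installer=}
        trusted=0
        for t in $TRUSTED_INSTALLERS; do
            if [ "$inst" = "$t" ]; then trusted=1; fi
        done
        if [ "$trusted" -eq 0 ]; then printf '%s installer=%s\n' "$pkg" "$inst"; fi
    done
    return 0
}

# arg:    raw setting value, colon-separated "pkg/service" entries or "null"
# stdout: every entry whose package is not in KNOWN_A11Y, one per line.
# A banking trojan needs this permission to read and drive the UI, so any
# unexpected entry here deserves a look.
list_accessibility_services() {
    val=${1:-null}
    if [ "$val" = "null" ]; then return 0; fi
    printf '%s\n' "$val" | tr ':' '\n' | while IFS= read -r entry; do
        pkg=${entry%%/*}
        known=0
        for k in $KNOWN_A11Y; do
            if [ "$pkg" = "$k" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then printf '%s\n' "$entry"; fi
    done
    return 0
}

# Live check against the attached device. adb may emit CRLF, hence tr -d '\r'.
adb_triage() {
    echo "== third-party packages not installed by a trusted store =="
    adb shell pm list packages -3 -i | tr -d '\r' | flag_sideloaded
    echo "== enabled accessibility services outside the allowlist =="
    list_accessibility_services "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
    echo "== legacy unknown-sources toggle (Android 7 and earlier; 1 = allowed) =="
    adb shell settings get secure install_non_market_apps | tr -d '\r'
    # On Android 8+ the toggle is per app: adb shell appops get <pkg> REQUEST_INSTALL_PACKAGES
}

# Offline demo on constructed data; the package names are made up.
demo_sideloaded() {
    printf '%s\n' \
        'package:com.example.bank  installer=com.android.vending' \
        'package:com.example.update  installer=null' \
        'package:com.example.cleaner  installer=com.google.android.packageinstaller' \
        | flag_sideloaded
}

case "${1:-}" in --live) adb_triage ;; esac
```

An installer of `null` or `com.google.android.packageinstaller` is the signature of an APK installed by hand, which is exactly what a smishing link delivers; an app that you installed that way and that also holds an accessibility service should be treated as suspect until you know why it needs one. The `install_non_market_apps` value is only meaningful on Android 7 and earlier; on later versions check the per-app permission with `appops` as noted in the script.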
Sponsor: This episode is brought to you by Approov (https://www.approov.io/). Approov helps protect your mobile apps from abuse and fraud. Learn more about their runtime application self-protection (RASP) and device attestation solutions [7].

Relevant Links:
  • Avoiding Social Engineering and Phishing Attacks: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks [16]
  • Android Banking Trojan ToxicPanda Targets Europe: https://www.securityweek.com/android-banking-trojan-toxicpanda-targets-europe/ [16]
  • ToxicPanda: a new banking trojan from Asia hits Europe and LATAM: https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam [16]
  • TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users: https://www.trendmicro.com/en_us/research/23/b/tgtoxic-malware-targets-southeast-asia-android-users.html [16]
  • Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users: https://thehackernews.com/2023/02/enigma-vector-and-tgtoxic-new-threats.html [17]
Keywords: Android malware, banking trojan, ToxicPanda, TgToxic, mobile security, cybersecurity, social engineering, phishing, malware analysis, mobile banking, cryptocurrency, Approov, runtime application self-protection, device attestation, Easyclick, domain generation algorithm, mobile threat defense, smishing.



Upwardly Mobile - API & App Security News, by Approov Limited