By Asmita Mallick and Prithwish Ganguli
Toxic Panda is a sophisticated Android banking trojan that targets users in Europe, Latin America, and Southeast Asia. Using advanced techniques like account takeover (ATO) and on-device fraud (ODF), it bypasses security mechanisms, including multi-factor authentication, to steal sensitive data and conduct unauthorized transactions. The malware's ability to manipulate user inputs and intercept one-time passwords makes it a significant threat. This paper explores the implications of ToxicPanda, highlights the evolving landscape of cybercrime, and offers insights into preventive measures and legal frameworks to combat emerging threats.
Unpublished paper, 2024.