apk.toxic_panda

ToxicPanda


ToxicPanda is an Android banking RAT first identified by Cleafy in October 2024. It shows similarity to the TgToxic campaign, but appears to be a new development rather than a derivative. The threat actors are likely Chinese speakers. ToxicPanda initially made use of hardcoded C2 domains only, but started to incorporate a DGA in late 2024.

References
2024-11-04 ⋅ Cleafy ⋅ Alessandro Strino, Federico Valentini, Michele Roviello
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
ToxicPanda

There is no Yara-Signature yet.