Since July 2022, a malicious campaign has been targeting Android users in Southeast Asia with the goal of stealing their assets from finance and banking applications. The banking trojan behind it, named TgToxic, is embedded in multiple fake apps and has been observed targeting users in Taiwan, Thailand, and Indonesia. To protect themselves, users should be wary of opening links from unknown email and message senders, and should avoid downloading apps from third-party platforms.

The malicious apps can be disguised as dating, messaging, lifestyle, or cryptocurrency-related apps in order to trick users into installing them and granting permissions. Between late 2022 and early 2023, the cybercriminals behind the campaign began targeting Thai users with similar sextortion and phishing lures, and added malicious code to steal credentials from bank applications.

The malware is based on a legitimate automation test framework called Easyclick, which allows it to hijack cryptocurrency wallets and bank apps by stealing users' credentials. It can also steal personal information via SMS and installed apps, and can transfer money to the threat actors without the user's knowledge.

To protect against this type of malware, users should avoid downloading apps from unknown sources and should not click on links to apps, installers, or websites embedded in SMS or emails from unknown senders. Additionally, they should not enable sensitive permissions such as Accessibility services for unknown apps. If a device's battery is draining even though the device is not being used, this could be a sign of malware infection. Trend Micro Mobile Security Solutions can scan mobile devices in real time and on demand to detect malicious apps, sites, or malware and block or delete them.
This Cyber News was published on www.trendmicro.com. Publication date: Fri, 03 Feb 2023 11:22:02 +0000