Toddler Android Banking Malware Spreads Across Europe

 

Cybersecurity researchers have unearthed a new Android banking Trojan dubbed ‘Toddler’, which is infecting users across Europe. According to the team at PRODAFT Threat Intelligence (PTI), Toddler, also known as TeaBot / Anatsa, is part of an increasing trend of mobile banking malware attacking countries such as Spain, Germany, Switzerland, and the Netherlands. The malware was first identified in January by the cybersecurity firm Cleafy. Threat actors have used the malware to attack users of 60 banks in Europe. In June, Bitdefender identified Spain and Italy as two countries where users were most likely to get infected.

According to PTI, Spain has secured the top spot in cyberattacks in this year’s malware analysis. To date, at least 7,632 mobile devices have been infected. After breaking into the Command and Control (C2) server used by the Trojan's operators, the researchers also discovered over 1000 sets of stolen banking credentials.

Cybersecurity researchers have spotted numerous legitimate websites “serving” the Toddler malware through malicious .APK files and Android apps. However, there is no evidence of the malware on the Google Play Store. Toddler is pre-configured to target the users of “dozens” of banks across Europe, yet all of the known infections so far relate to just 18 different financial organizations, five of which comprise 90% of attacks.

The Trojan works by utilizing overlay attacks to trick victims into submitting banking credentials on fraudulent login screens. Once installed, the malware monitors which legitimate apps are being opened -- and once target software is launched, the overlay attack begins. "Toddler downloads the specially-crafted login page for the opened target application from its C2. The downloaded webview phishing page is then laid over the targ ..
