A Feb. 24 analysis by Intel471 threat intelligence researchers details upgrades to the TgToxic Android info-stealing trojan, enhancing its evasion tactics and attack scope. Though first observed by security experts in July 2002, Intel471’s report highlights a newly updated version detected in the wild.
TgToxic was designed from the ground up to steal user credentials and originally targeted Southeast Asian users. This new version has expanded its geographic reach, and as of October 2024, it includes both Europe and Latin America.
Ted Miracco, Approov CEO had this to say:
“TgToxic stands out as a highly sophisticated Android banking trojan due to its advanced anti-analysis techniques, including obfuscation, payload encryption, and anti-emulation mechanisms that evade detection by security tools. Its use of dynamic command-and-control (C2) strategies, such as domain generation algorithms (DGA), and its automation capabilities enable it to hijack user interfaces, steal credentials, and perform unauthorized transactions with stealth and resilience against countermeasures.
“Mitigating threats like TgToxic demand an advanced security approach. While MFA is essential, it’s no longer sufficient on its own. Implementing Runtime Application Self-Protection (RASP) for real-time threat detection and leveraging device attestation to verify integrity are critical steps to ensure robust security in today’s evolving threat landscape. Over-the-air (OTA) updates should also be mandatory security practices for mobile fintech applications as you must react quickly to new threats and cannot be dependent upon AppStores to release updates. “
I would suggest that those responsible for managing devices in their organization read the mitigation section of this report by Intel471 as they offer a lot of good advice in terms of how not to be a victim of this threat. And of course, everyone should practice good computing habits to stay safe.
Like this:
Like Loading...
Related
This entry was posted on February 26, 2025 at 3:29 pm and is filed under Commentary with tags Intel471. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
“TgToxic” PW stealer uses SMS Text To Hack phones
A Feb. 24 analysis by Intel471 threat intelligence researchers details upgrades to the TgToxic Android info-stealing trojan, enhancing its evasion tactics and attack scope. Though first observed by security experts in July 2002, Intel471’s report highlights a newly updated version detected in the wild.
TgToxic was designed from the ground up to steal user credentials and originally targeted Southeast Asian users. This new version has expanded its geographic reach, and as of October 2024, it includes both Europe and Latin America.
Ted Miracco, Approov CEO had this to say:
“TgToxic stands out as a highly sophisticated Android banking trojan due to its advanced anti-analysis techniques, including obfuscation, payload encryption, and anti-emulation mechanisms that evade detection by security tools. Its use of dynamic command-and-control (C2) strategies, such as domain generation algorithms (DGA), and its automation capabilities enable it to hijack user interfaces, steal credentials, and perform unauthorized transactions with stealth and resilience against countermeasures.
“Mitigating threats like TgToxic demand an advanced security approach. While MFA is essential, it’s no longer sufficient on its own. Implementing Runtime Application Self-Protection (RASP) for real-time threat detection and leveraging device attestation to verify integrity are critical steps to ensure robust security in today’s evolving threat landscape. Over-the-air (OTA) updates should also be mandatory security practices for mobile fintech applications as you must react quickly to new threats and cannot be dependent upon AppStores to release updates. “
I would suggest that those responsible for managing devices in their organization read the mitigation section of this report by Intel471 as they offer a lot of good advice in terms of how not to be a victim of this threat. And of course, everyone should practice good computing habits to stay safe.
Share this:
Like this:
Related
This entry was posted on February 26, 2025 at 3:29 pm and is filed under Commentary with tags Intel471. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.