
ToxicPanda: The Android Banking Trojan Targeting Europe

Key takeaways
ToxicPanda is an Android banking trojan designed to steal banking and digital wallet logins, overlay PIN & pattern codes, and perform unauthorized transactions.

The malware campaign peaked at 4,500 infected devices while touring Europe and now targets Portugal and Spain.

Android banking malware: ToxicPanda
ToxicPanda infiltrates mobile devices, stealing financial details by targeting banking & financial apps. The malware keeps evolving, with developers quickly adding new features, such as overlaying PIN & pattern codes and credential inputs for specific banking apps, allowing cybercriminals to remotely control compromised bank accounts and initiate unauthorized money transfers.

First identified in 2022 by Trend Micro, it migrated from Southeast Asia to Europe in 2024. Since then, TRACE has identified a shift in the geographic distribution of infections, with Portugal & Spain being the main targets in early 2025, where the botnet has doubled in size.

To read the complete article, see: ToxicPanda: The Android Banking Trojan


This post is licensed under CC BY 4.0 by the author.