Operators of the Toddler banking Trojan attacked clients of 60 banks across Europe
The PRODAFT Threat Intelligence (PTI) cybersecurity research team has described the Toddler banking Trojan (also known as TeaBot / Anatsa), which targets Android mobile devices. Toddler operators used the malware to carry out attacks on clients of 60 European banks in Spain, Germany, Switzerland and the Netherlands.
According to PTI, at least 7,632 mobile devices in Spain are currently infected with the Toddler Trojan. After compromising the Trojan's C&C server, researchers found more than 1,000 stolen online banking credentials. The Trojan has not so far been detected in the Google Play Store, but the attackers have compromised a number of legitimate websites in order to distribute the malware.
Toddler is a typical Trojan in many respects. It contains functions to steal data (including bank details), run keyloggers, take screenshots, intercept two-factor authentication (2FA) codes, intercept SMS, and connect to a C&C server to transmit information and receive commands.
The malware is capable of displaying fake login screens and tricking the user into entering bank details. To do this, it first analyzes which legitimate applications are opened on the mobile device. Toddler also allows operators to steal credentials for cryptocurrency wallets.
The list of C&C server commands includes activating the screen of an infected device, asking for permissions, changing the volume level, trying to get codes from Google Authenticator, and uninstalling apps.