ADVERTISEMENT

One wrong SMS can wipe your savings, thanks to this Android Trojan

A sophisticated new malware campaign is preying on Android devices to steal money, an investigation has shown.

banking trojan crypto

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Feb 25, 2025 Updated: 22 May 2025 2 min read
“This effort to broaden the malware’s reach suggests a calculated attempt to engage new markets and demographic groups beyond its original targets in Southeast Asia.”

A shift in attack tactics

ADVERTISEMENT
vilius Ernestas Naprys Gintaras Radauskas Paulina Okunyte
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.

How does the Android trojan take over devices?

  • A user receives a phishing SMS with a malicious link. Once clicked, it downloads TgToxic malware.
  • The malware thoroughly evaluates the device’s hardware and system capabilities to detect the virtual environment on the device, such as the presence of a Quick Emulator (QEMU).
  • The trojan pretends to be a Google Chrome application to evade detection and uses Domain Generation Algorithms to connect to the C2 server.
  • Then, TgToxic starts encrypted communication with the C2, using HTTPS requests over port 443. The C2 response then instructs TgToxic to switch communications over to websockets using a port included in the response.
  • While running in the background, the malware keylogs credentials and other sensitive information.

Android trojans are extremely dangerous

How to protect your Android from trojan malware

  • Always install applications from official app stores, and consider using the best antivirus for Android to detect potentially harmful apps.
  • In your Android settings, disable "Allow from Unknown Sources" to prevent the installation of applications from unauthorized sources.
  • Always monitor what permissions you grant to Android apps. It might be a red flag if apps request a considerable number of permissions, especially if the app requests “Accessibility services” permission.
  • If your organization uses Android devices in its network, you should use mobile device management (MDM) software to boost corporate security.
  • For an additional level of security on corporate devices, use a list of preapproved apps to minimize the risk of installing a malicious app.
  • While portable devices often escape the security controls of traditional local networks, mobile threat defense software is used to monitor and manage traffic directly on devices.
  • Consider deploying the indicators of compromise (IoCs) for timely detection of potential threats.
  • Provide regular cybersecurity training for employees to spot phishing SMS messages with malicious links.
ADVERTISEMENT