Toddler mobile banking malware surges across Europe
A new Android banking Trojan dubbed Toddler has been discovered by researchers and is reportedly surging across Europe. The malware is also identified as TeaBot/Anatsa. The PRODAFT Threat Intelligence team stated that the malware is part of an increase in banking malware attacks in countries such as the Netherlands, Spain, Germany, and Switzerland. The banking Trojan was first disclosed in January by cybersecurity firm Cleafy. However, the mobile Trojan has developed over time and its usage has increased. According to researchers, Toddler has been used in attacks against the customers of 60 European banks. Most of the attacks occurred in Spain and Italy, but France, the UK, Belgium, Australia, and the Netherlands have also been targeted.
Researchers were able to infiltrate a command and control server used by Toddler’s operators, finding over 1,000 sets of stolen banking credentials. The infection vectors for the attack seem to vary; however, the malware has been tracked to malicious .APK files and Android apps. According to researchers, there is no evidence of the malware on the Google Play Store. Toddler is pre-configured to target the users of dozens of banks across Europe, yet all of the known infections so far relate to just 18 different financial organizations, five of which account for 90% of attacks. The Trojan works by utilizing overlay attacks to trick victims into submitting banking credentials on fraudulent login screens.