Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware attacking bank customers in countries including Spain, Germany, Switzerland, and the Netherlands. Toddler was first disclosed by Cleafy following its discovery in January. While still under active development, the mobile Trojan has been used in attacks against the customers of 60 European banks. In June, Bitdefender said that Spain and Italy were infection hotspots, although the UK, France, Belgium, Australia, and the Netherlands were also being targeted. Infection vectors vary, although researchers from multiple organizations have tracked Toddler to malicious .APK files and Android apps. While the Trojan has not yet been found on Google Play, numerous legitimate websites have been compromised to host and serve the malware.
Always make sure to download Android apps from verified sources, such as the Google Play store, and even then, be careful because sometimes malicious .apk files make their way onto the official Play Store for some time. Check how long an app has been present on Google Play, because malicious apps are rarely on there for a long time before they are discovered, reported, and removed. Also, check for unexpected permissions requested by the app that it shouldn’t need for its functionality. Consider installing antivirus for Android such as that offered by Bitdefender.