[TODDLER] Mobile Banking Botnet Analysis Report

July 16, 2021 09:01

Starting from the second half of 2020, the PRODAFT Threat Intelligence ("PTI") team witnessed a rising trend of mobile banking malware attacks against European countries, primarily targeting customers of banking institutions based in Spain, Germany, Switzerland, and the Netherlands. Toddler is considered to be an important example of this trend in terms of its technical features and operational chain.

In this report, we present a behind-the-scenes analysis of this newly emerging Android malware, which is also known as Teabot or Anatsa.

At the time of the analysis, Toddler is largely targeting Spain, but the malware sample contains textual content for targeting Spanish, English, Italian, German, French, and Dutch-speaking users.

The PTI team has de-anonymized the C&C server and discovered that Toddler had already infected more than 7,632 devices at the time of this report.

Apart from our detailed technical analysis, statistics and observations from the main C&C panel are also provided in detail.
