TgToxic Android malware targets SE Asia users

TgToxic is malware that affects Android users in Southeast Asia. The impact has been largely limited to Android device users in Taiwan, Indonesia, and Thailand.

We look at some important points about the TgToxic malware that you need to be aware of.

Salient points about the TgToxic malware

  • TgToxic is a banking Trojan malware that is being tracked by the Trend Micro research team.
  • This malware has been found to be active since July 2022 and primarily focuses on Android users from Taiwan, Malaysia and Thailand. The footprint, however, has been seen to rise over the past few months.
  • TgToxic is disguised as, or bundled with, malicious or fake apps.
  • The malware is designed to steal financial information, including banking details, crypto wallet details and other wallet account details.
  • TgToxic may involve fraudulent phishing alerts or messages to induce an Android user to click on malicious links.
  • The malware targets users through phishing and smishing links that may be spread through Facebook links and Android application links.

TgToxic malware is based on an automation test framework called Easyclick, which supports writing automation scripts in JavaScript. Such a script can be used to hijack an Android device’s user interface (UI) and automate functions such as monitoring user input and performing clicks and gestures.


The primary goal is to steal banking and financial information that may be used to commit financial fraud. It can even hijack cryptocurrency wallets and banking apps that are used to make banking transactions.

Trend Micro believes that the threat actor behind TgToxic malware is a relatively new entrant, as the malware is not sophisticated. However, it does recommend that users from Thailand, Indonesia and Taiwan take basic steps to improve the safety of their Android devices.

Some steps recommended by Trend Micro include:

  • Avoid installing apps from unknown sources and platforms. Do not click on apps, installers, or websites directly embedded in SMS or emails, especially from unknown senders.
  • Do not enable sensitive permissions such as Accessibility services for unknown apps, or in order to enable or download unknown apps.
  • Watch for signs of malware infection: battery drain while the device is not in use is a red flag of a potential infection.
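
The Accessibility advice above can be checked on a device. The following is an added example, not code from the original post or from Trend Micro: it parses adb output and lists enabled accessibility services owned by non-system apps that did not come from a trusted installer. The trusted-installer set, the function names and the sample package names are assumptions made for illustration.

```python
# Real input comes from a device over adb (not executed here):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i      (-s lists system packages)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_accessibility(setting):
    """Split the colon-separated 'package/ServiceClass' list into pairs."""
    setting = setting.strip()
    if not setting or setting == "null":  # 'null': nothing enabled
        return []
    pairs = []
    for comp in setting.split(":"):
        pkg, _, cls = comp.partition("/")
        pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs

def parse_packages(listing):
    """Map package -> installer (None if absent or 'null')."""
    result = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        inst = next((f.split("=", 1)[1] for f in fields[1:]
                     if f.startswith("installer=")), None)
        result[fields[0]] = None if inst in (None, "null") else inst
    return result

def audit(setting, with_installers, system_listing):
    """Enabled accessibility services owned by non-system apps that were
    not installed by a trusted installer (candidates for manual review)."""
    installers = parse_packages(with_installers)
    system = set(parse_packages(system_listing))
    return [{"package": p, "service": c, "installer": installers.get(p)}
            for p, c in parse_accessibility(setting)
            if p not in system and installers.get(p) not in TRUSTED_INSTALLERS]

# Constructed sample output; the com.example.* names are made up.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.promo.chat/.core.AssistService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.promo.chat  installer=null
package:com.example.notes  installer=com.android.vending"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback"
```

A finding is a prompt for review rather than proof of infection: a legitimate sideloaded accessibility tool will also be listed.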

If you are an Android user from Taiwan, Indonesia, or Thailand, it may be pertinent to be more careful while clicking on external links. At the same time, it is important to limit downloading Android apps from unknown publishers.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.