Android users warned as SMS password-stealer gets critical update.
There appears to be no escaping the password-stealer threat right now: from the revelation that 244 “never seen before” passwords have been leaked from a crime forum’s infostealer logs, to a “spray and pray” attack against Microsoft 365 account holders, and even Macs being targeted with specific password-stealing malware. Now it is Android users who find themselves in the crosshairs as researchers confirm a newly updated threat that strikes using a single SMS text message. Here’s what you need to know and do.
An analysis published Feb. 24 by researchers from the Intel471 threat intelligence platform has revealed how the TgToxic Android info-stealing trojan malware has been upgraded to help prevent detection and expand into new territories of attack.
Although TgToxic malware has been observed by security researchers since as long ago as July 2002, a newly updated version is now out in the wild, and that’s cause for concern, according to the Intel471 researchers.
Designed from the ground up to steal user credentials, TgToxic originally targeted Southeast Asian users of Android apps. In October 2024, researchers said that a new version had expanded that geographic reach to Europe and Latin America. The latest variant, Threat471 said, is now being deployed by threat actors in an ongoing attack campaign.
“The modifications seen in the TgToxic payloads reflect the actors’ ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the malware’s capabilities to improve security measures and keep researchers at bay,” Intel471 said.
It has been reported that the latest version sends the victim a single SMS text message which contains a malicious link. Click that, and well, you are toast. This is what downloads the TgToxic malware.
“It is crucial to recognize the actors behind TgToxic actively monitor open source intelligence and adjust their strategies accordingly,” Intel471 warned. “This ongoing surveillance of the cybersecurity landscape enables them to make timely decisions and modify their tactics to circumvent new security defenses effectively.”
The threat intelligence specialists from Intel471 recommend the following four mitigation strategies for dealing with the latest TgToxic Android malware threat:
To which I would add that you never, ever, click on links in unsolicited SMS text messages, whether on your Android device or not.
New Android Password Stealer Uses 1 Toxic SMS Text To Hack You – Forbes
