Researchers Discover New Android Banking Trojan

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Security researchers have detected a new Android banking trojan by the name of Red Alert 2.0 that was developed during the past few months and has been recently rolled out into distribution.

According to a report shared with Bleeping Computer before publication, security researchers from SfyLabs first saw ads for this trojan on a hacking forum for Russian-speaking criminals during the spring.

During the past weeks, researchers have identified the first apps infected with this new threat and have tracked down C&C servers used to manage the banking trojan.

Red Alert has not made it on the Play Store (yet)
All the apps spreading Red Alert were hosted on third-party Android app stores. SfyLabs told Bleeping Computer that no Red Alert app made it on the official Google Play Store at the time of writing.

While Red Alert is a new addition to the mobile banking scene, the trojan works similarly to past threats. The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking him to reauthenticate.

Red Alert then collects the user's credentials and sends them to its C&C server.
Click to expand...


People in command of Red Alert's control panel take these credentials and access their victims' bank accounts to make fraudulent transactions, or the victim's social media apps, to post spam or give surreptitious likes to other content.

Red Alert also includes a feature to collect the contact lists from infected devices. In addition, to bypass two-factor authentication and suppress any notifications, the trojan also takes over the infected phone's SMS function.

According to a changelog in Red Alert's forum ads, the most recent feature added to trojan's codebase is its ability to automatically block incoming phone calls from numbers associated with banks and financial institutions.

Red Alert rented on hacking forums for $500

Cengiz Han Sahin, CEO and founder of SfyLabs, tells Bleeping Computer that the Red Alert author is renting the trojan for the lowly price of $500.


Development is also very active. "New HTML overlays are created almost every 2 days," Sahin told Bleeping. In addition, Red Alert's author is also working on SOCKS and VNC modules that would add remote control features to infected devices, enhacing Red Alert with RAT-like features.
Click to expand...
 
  • Like
Reactions: silversurfer
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
    • Wow
Anatsa Android trojan now steals banking info from users in US, UK
Replies
0
Views
877
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • +Reputation
    • Like
GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries
Replies
0
Views
1,201
News Archive
silversurfer
silversurfer
silversurfer
    • +Reputation
    • Like
Malware News New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
Replies
0
Views
944
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top