Banking Trojans have regained a lot of their popularity over the past few months. While these tools have been around for several years now, they are once again becoming more common. A new Android banking Trojan was discovered not too long ago. This malware goes by the name of Red Alert 2.0 and is currently part of a growing distribution campaign. Red Alert 2.0 is a new Android Banking Trojan The mobile ecosystem is becoming the new playground of cyber criminals these days. Whereas most malware was originally developed for computers and different operating systems, these malware creations are slowly
Banking Trojans have regained a lot of their popularity over the past few months. While these tools have been around for several years now, they are once again becoming more common. A new Android banking Trojan was discovered not too long ago. This malware goes by the name of Red Alert 2.0 and is currently part of a growing distribution campaign.
Red Alert 2.0 is a new Android Banking Trojan
The mobile ecosystem is becoming the new playground of cyber criminals these days. Whereas most malware was originally developed for computers and different operating systems, these malware creations are slowly shifting to the mobile ecosystem. It is mainly the Android platform is effectively getting a lot of attention from banking Trojan developers these days.
Now that Red Alert 2.0 has been discovered, things have taken another turn for the worse. The malware was discovered by researchers from SfyLabs, who noticed advertisements for this Trojan appear on a Russian hacking forum. That latter part is not all that unusual, considering most malware is mainly bought and sold through Russian hacking forums these days. It now appears this malware is effectively being distributed on a large scale.
Several Android apps have been successfully infected with this banking Trojan and serve command & control servers have been tracked down already. All of this hints at how some users will successfully distribute Red Alert 2.0 over the coming weeks and months. All of the applications infected with this malware are distributed through third-party app stores, rather than the Google Play Store itself.
So far, no Red Alert 2.0-laden application has made it to the Play Store just yet, but that may change in the future. This new malware is pretty similar to older versions of banking Trojans. It will not become active until the infected victim visits a banking or social media application. Once they open such an app, the Trojan will overlay the display with an HTML-based version of the original app. Users will need to authenticate again, which is when their login credentials are captured.
Once the developers or distributors successfully obtain login credentials, they will try to make fraudulent transactions. It is also possible they will use social media credentials to post spam or distribute malicious software as well. Red Alert 2.0 is capable of collecting contact lists from infected devices, and it can bypass 2FA and suppress notifications. All of this functionality has been part of previous iterations of banking Trojans in the past, which means this new tool does not stand out.
However, the people effectively selling the banking Trojan feel it is worth $500. That is quite a steep price, although the potential for higher returns is certainly there. The developer also claims how customers will receive new HTML overlays on a regular basis to increase their chances of success. More features may be added in the future as well, including VNC support and remote control features. The only upside is how the malware only works on older versions of Android, including Marshmallow.