Security researchers have uncovered a new Android banking trojan by the name of Red Alert 2.0 that was developed during the past few months and has been recently rolled out into distribution.
Security researchers from SfyLabs first saw ads for this trojan on a hacking forum for Russian-speaking criminals during the spring.
During the past weeks, researchers have identified the first apps infected with this new threat and have tracked down C&C servers used to manage the banking trojan.
According to security researchers at SfyLabs, Red Alert comes with data-stealing features that allow the cybercriminal(s) operating it to steal users’ credentials and contacts. The malware also hijacks SMS functions and blocks all calls associated with banks and financial associations.
The people operating Red Alert’s control panel use these credentials to access victims’ bank accounts and make fraudulent transactions, or to access victims’ social media apps and post spam or give surreptitious likes to other content.
Red Alert also includes a feature to collect the contact lists from infected devices. In addition, to bypass two-factor authentication and suppress any notifications, the trojan also takes over the infected phone’s SMS function.
Red Alert rented on hacking forums for $500
Cengiz Han Sahin, CEO and founder of SfyLabs, says that the Red Alert author is renting the trojan for the lowly price of $500.
Development is also very active. “New HTML overlays are created almost every 2 days.” Red Alert’s author is also working on SOCKS and VNC modules that would add remote control features to infected devices, enhancing Red Alert with RAT-like features.
Red Alert works on all Android versions up to 6.0
Red Alert can target smartphones running Android versions up to and including 6.0 (Marshmallow).
Experts say that Red Alert comes with support for showing HTML overlays for over 60 banking and social media apps.
The trojan doesn’t seem to target users in a particular country but uses a shotgun approach, providing overlays for the most well-known banks and financial institutions.
This random targeting is most likely because of the trojan’s rental system, as Red Alert’s author focuses on providing enticing features for a wide group of potential buyers.
As always, users can avoid most Android malware by not using third-party app stores and sticking only to apps available on the Play Store. Google’s official app store may not be perfect, but it’s way better than any shady Android app store.
The complete technical write-up has been published and will include a list of targeted apps and IOCs.