UPDATED 00:09 EST / SEPTEMBER 20 2017


Red Alert 2.0 banking trojan targets unsuspecting Android users

Communists may not be residing under people’s beds, but online banking customers are being warned to be aware of another threat in the form of a new banking trojan virus dubbed “Red Alert 2.0.”

First detected in the wild by security researchers at SfyLabs BV, the trojan shares features with other Android banking trojans, including pop-up overlays that harvest login credentials, interception of SMS messages and theft of contact details.

Moreover, the new code takes extra steps to keep its activity from being noticed. The most disturbing addition, and one possibly not seen before, is the ability to block and log incoming calls from banks, preventing customers from being warned of fraudulent activity on their accounts.

The attack vector for Red Alert 2.0 goes down a path seen many times before: distribution through fake apps listed on third-party app stores and Google Play, with the trojan hidden inside the usual suspects such as messaging apps, image tools and Flash players.

In a stroke of (evil) genius, the people behind the trojan have also built command-and-control server redundancy into Red Alert 2.0. The researchers observed that when the trojan was unable to contact the C&C server controlled by the threat actors, it instead contacted accounts on Twitter to retrieve updated server information.
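Defenders can look for the fallback pattern described above in egress logs: a device repeatedly fails to reach a host that almost no other device in the fleet talks to, then within seconds successfully connects to a public dead-drop service such as Twitter. The following is an added example written for this page, not code from SfyLabs or from the malware itself; the proxy log format, the hostnames, the 203.0.113.10 test address, the time window and the prevalence threshold are all assumptions, and the log lines are constructed.

```python
"""Heuristic detection of a social-media C&C fallback over constructed proxy logs.

Pattern: a device fails to reach a host that few other devices ever contact,
then shortly afterwards successfully reaches a known dead-drop service. Log
format, host lists and thresholds are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime

# Public services an attacker could use as a dead drop for updated C&C
# addresses (Twitter, as in the Red Alert 2.0 report). Assumption: fleet
# traffic to these hosts passes through the same proxy.
DEAD_DROP_HOSTS = {"twitter.com", "api.twitter.com", "mobile.twitter.com"}
FAILURE_STATUSES = {"TIMEOUT", "CONN_REFUSED", "DNS_FAIL"}

# Constructed sample log lines: "<ISO timestamp> <device> <destination> <result>"
# 203.0.113.10 is a TEST-NET-3 documentation address standing in for a C&C host.
SAMPLE_LOGS = """\
2017-09-19T23:58:01 dev-a twitter.com OK
2017-09-19T23:58:10 dev-a news.example.org OK
2017-09-19T23:59:00 dev-b 203.0.113.10 TIMEOUT
2017-09-19T23:59:04 dev-b 203.0.113.10 TIMEOUT
2017-09-19T23:59:09 dev-b api.twitter.com OK
2017-09-20T00:00:30 dev-c cdn.example.com TIMEOUT
2017-09-20T00:00:35 dev-c twitter.com OK
2017-09-20T00:01:00 dev-a cdn.example.com OK
2017-09-20T00:02:00 dev-d cdn.example.com OK
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, device, host, result), time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, host, result = line.split()
        events.append((datetime.fromisoformat(ts), device, host, result))
    events.sort(key=lambda e: e[0])
    return events


def host_prevalence(events):
    """Number of distinct devices that ever contacted each host."""
    seen = defaultdict(set)
    for _, device, host, _ in events:
        seen[host].add(device)
    return {host: len(devices) for host, devices in seen.items()}


def find_dead_drop_fallbacks(events, window_seconds=60, max_prevalence=1):
    """Return (device, failed_host, dead_drop_host) triples matching the pattern.

    Only failures to rare hosts (contacted by at most max_prevalence devices)
    arm the detector, which keeps ordinary outages of shared hosts such as a
    CDN from firing when a user simply opens Twitter afterwards.
    """
    prevalence = host_prevalence(events)
    pending = {}  # device -> (time, host) of its most recent rare-host failure
    alerts = []
    for ts, device, host, result in events:
        if result in FAILURE_STATUSES and host not in DEAD_DROP_HOSTS:
            if prevalence[host] <= max_prevalence:
                pending[device] = (ts, host)
            continue
        if result == "OK" and host in DEAD_DROP_HOSTS and device in pending:
            fail_ts, failed_host = pending.pop(device)
            if (ts - fail_ts).total_seconds() <= window_seconds:
                alerts.append((device, failed_host, host))
    return alerts


if __name__ == "__main__":
    for device, failed_host, drop in find_dead_drop_fallbacks(parse_log(SAMPLE_LOGS)):
        print(f"{device}: failed to reach {failed_host}, then fetched from {drop}")
```

On the sample data only dev-b is flagged: its two timeouts to 203.0.113.10 are followed five seconds later by a successful request to api.twitter.com, whereas dev-c's timeout to the shared CDN is ignored because three devices use that host. This is a triage heuristic, not proof of infection: Twitter is a legitimate destination, so a hit should be corroborated by reputation data on the failed host and by inspection of the device before any response.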

Noting that these sorts of attacks have been more regularly seen on desktop computers, SfyLabs said “the shift of malware campaigns from desktop (Windows) to mobile (Android) seems largely related to the fact that these days most transactions are initiated from mobile devices instead of the desktop. This motivates actors to invest in developing solutions that target Android and have the same capabilities as the malware variants that have been evolving on the desktop for years.”

It’s not clear how far Red Alert 2.0 has spread to date. But according to Bleeping Computer, the trojan is being offered for rent on the dark web, the hidden part of the Internet reachable only with special software, and development is very active, with “new HTML overlays [being] created almost every two days.”

Image: Imgur/unknown
