UPDATED 00:09 EDT / SEPTEMBER 20 2017

Red Alert 2.0 banking trojan targets unsuspecting Android users

Communists may not be residing under people’s beds, but online banking customers are being warned to be aware of another threat in the form of a new banking trojan virus dubbed “Red Alert 2.0.”

First detected in the wild by security researchers at SfyLabs BV, the trojan shares features with other Android banking trojans, including the use of pop-up overlays to steal user credentials and the ability to intercept SMS messages and steal contact details.

Moreover, the new code takes extra steps to ensure its survival. The most disturbing addition is one possibly not seen before: the ability for the trojan to block and log incoming calls from banks, preventing users from being informed of malicious activity.
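The capabilities described above (credential overlays, SMS interception, call blocking and contact theft) each depend on specific Android permissions or broadcast receivers that an app must declare in its manifest. The following is an added defender-side example, not code from SfyLabs or from the article: it parses an AndroidManifest.xml, maps the declared permissions and receiver actions onto those capability clusters, and flags clusters that do not fit what the app claims to be. The manifest and the expected-capability table are constructed for illustration; a match is a review signal, not proof of malice, since legitimate dialers and SMS apps request the same permissions.

```python
"""Triage an Android manifest for banking-trojan capability clusters.

Added example (not SfyLabs' or the article's code). The manifest below is
constructed; permission and action names are real Android identifiers.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability cluster -> permissions / broadcast actions that enable it.
CAPABILITIES = {
    "overlay": {
        "permissions": {"android.permission.SYSTEM_ALERT_WINDOW"},
        "actions": set(),
    },
    "sms_interception": {
        "permissions": {"android.permission.RECEIVE_SMS",
                        "android.permission.READ_SMS"},
        "actions": {"android.provider.Telephony.SMS_RECEIVED"},
    },
    "call_interception": {
        "permissions": {"android.permission.READ_PHONE_STATE",
                        "android.permission.CALL_PHONE",
                        "android.permission.READ_CALL_LOG"},
        "actions": {"android.intent.action.PHONE_STATE"},
    },
    "contact_theft": {
        "permissions": {"android.permission.READ_CONTACTS"},
        "actions": set(),
    },
}

# Assumed baseline: which clusters are plausible for each app category the
# article names as a common disguise. A flash player needs none of them.
EXPECTED_FOR_CATEGORY = {
    "messaging": {"sms_interception", "contact_theft"},
    "image_tool": set(),
    "flash_player": set(),
}


def extract_manifest_facts(manifest_xml):
    """Return (permissions, receiver_actions) declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    permissions = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    actions = set()
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            actions.add(action.get(ANDROID_NS + "name"))
    return permissions, actions


def triage(manifest_xml, claimed_category):
    """Map manifest facts to capability clusters and flag the unexpected ones.

    Returns (hits, unexpected): hits maps each matched cluster to the
    identifiers that triggered it; unexpected lists clusters the claimed
    app category has no business requesting.
    """
    permissions, actions = extract_manifest_facts(manifest_xml)
    hits = {}
    for cluster, needs in CAPABILITIES.items():
        matched = (permissions & needs["permissions"]) | (actions & needs["actions"])
        if matched:
            hits[cluster] = sorted(matched)
    allowed = EXPECTED_FOR_CATEGORY.get(claimed_category, set())
    unexpected = sorted(c for c in hits if c not in allowed)
    return hits, unexpected


# Constructed manifest for a fake "flash player" that declares every cluster.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashplayer.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallWatcher">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    hits, unexpected = triage(SAMPLE_MANIFEST, "flash_player")
    for cluster, why in hits.items():
        print(f"{cluster}: {', '.join(why)}")
    print("unexpected for claimed category:", unexpected)
```

Run against an unpacked APK's manifest (after decoding it with a tool such as apktool), the script gives a reviewer a short list of clusters to justify; the same "flash player" requesting SMS and phone-state access is exactly the mismatch the article's distribution pattern relies on going unnoticed.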

The attack vector for Red Alert 2.0 goes down a path seen many times before: distribution via fake apps listed on third-party app stores and Google Play, with the trojan hiding inside the usual suspects such as messaging apps, image tools and flash players.

In a stroke of (evil) genius, the people behind the trojan have also built command-and-control server redundancy into Red Alert 2.0. The researchers observed that when the trojan was unable to contact the C&C server controlled by the threat actors, it instead contacted accounts on Twitter to retrieve updated server information.

Noting that these sorts of attacks have been more regularly seen on desktop computers, SfyLabs said “the shift of malware campaigns from desktop (Windows) to mobile (Android) seems largely related to the fact that these days most transactions are initiated from mobile devices instead of the desktop. This motivates actors to invest in developing solutions that target Android and have the same capabilities as the malware variants that have been evolving on the desktop for years.”

It’s not clear how far Red Alert 2.0 has spread to date. But according to Bleeping Computer, the trojan is being offered for rent on the dark web, the hidden part of the Internet reachable with special software, and that development is very active with “new HTML overlays [being] created almost every two days.”

Image: Imgur/unknown
