Security researchers have discovered a new Android banking Trojan which goes by the name of Red Alert 2.0. This new Android banking Trojan was developed during the past few months but was just rolled out into distribution recently. According to security researchers from SfyLabs, they first saw ads for this banking Trojan on a hacking forum for Russian-speaking cyber criminals.
In the past few weeks, researchers have identified the first apps infected with this new threat and have already tracked down the Command and Control servers used to manage Red Alert 2.0. As of now, it hasn’t made it onto the Google Play Store (yet) and hopefully, it stays that way. All of the apps that are spreading Red Alert 2.0 are hosted on third party Android app stores. Despite being a new addition to the mobile banking malware group, this Trojan works similarly to past banking Trojans. It hides and waits until users open a banking or social media app. When that happens, it shows an HTML-based overlay on top of the original app, alerts users of an error and asks them to authenticate their accounts. It then collects the users’ credentials and sends them to its Command and Control server. The crooks behind this Trojan take those credentials and access the victims’ bank accounts to make fraudulent transactions, or log into the victims’ social media accounts to post spam or give surreptitious likes to other content.
This new banking Trojan also includes a feature that collects the contact lists from infected devices. It also bypasses two-factor authentication, stops any notifications and takes over the infected devices’ SMS function. Based on the changelog in Red Alert’s forum ads, the latest feature added to the banking Trojan’s codebase is the ability to automatically block incoming phone calls from numbers associated with banks and financial institutions.
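The capabilities described above (an overlay drawn over a foreground banking app, interception of SMS one-time codes, contact harvesting and call control) each map to declared Android permissions and manifest components, which is what a triage script can look for in an APK from a third party store. The following is an added example, not code from the original article or from SfyLabs; the manifest it parses is constructed for illustration, the capability-to-permission table is the author's own mapping, and the flag names and the "three or more flags" threshold are assumptions, not indicators published for Red Alert 2.0.

```python
"""Triage an AndroidManifest.xml for the permission/component combination that
an overlay-plus-SMS-interception banking Trojan needs.
Added example; the sample manifest below is constructed, not from any real app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PRIORITY_ATTR = f"{{{ANDROID_NS}}}priority"

# Capability -> Android permissions that grant it (real permission names;
# the grouping is the author's own assumption for this example).
CAPABILITIES = {
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms_control": {"android.permission.RECEIVE_SMS",
                    "android.permission.READ_SMS",
                    "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_control": {"android.permission.CALL_PHONE",
                     "android.permission.READ_PHONE_STATE",
                     "android.permission.ANSWER_PHONE_CALLS"},
    # Needed to learn which app is in the foreground so the overlay can be timed.
    "foreground_app_detection": {"android.permission.GET_TASKS",
                                 "android.permission.PACKAGE_USAGE_STATS"},
    "persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

# Constructed sample: a "flashlight" app whose manifest declares far more than it needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Flashlight">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (set of declared permissions, list of (receiver, priority) for SMS_RECEIVED)."""
    root = ET.fromstring(xml_text)
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    # A receiver registered for SMS_RECEIVED with a high priority is how an app
    # positions itself to see one-time codes before the default SMS app does.
    sms_receivers = []
    for recv in root.iter("receiver"):
        for flt in recv.iter("intent-filter"):
            actions = {a.get(NAME_ATTR) for a in flt.iter("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                prio = int(flt.get(PRIORITY_ATTR, "0"))
                sms_receivers.append((recv.get(NAME_ATTR), prio))
    return perms, sms_receivers


def triage(xml_text):
    """Map declared permissions to capabilities and raise flags for the
    overlay-banker pattern. Thresholds are assumptions for this example."""
    perms, sms_receivers = parse_manifest(xml_text)
    caps = {cap for cap, needed in CAPABILITIES.items() if perms & needed}
    if any(prio >= 100 for _, prio in sms_receivers):
        caps.add("high_priority_sms_receiver")

    flags = []
    if {"overlay", "foreground_app_detection"} <= caps:
        flags.append("overlay-on-target-app")
    if "sms_control" in caps and "high_priority_sms_receiver" in caps:
        flags.append("sms-otp-interception")
    if "call_control" in caps:
        flags.append("call-control")
    if "contacts" in caps:
        flags.append("contact-harvesting")
    return {
        "capabilities": sorted(caps),
        "flags": flags,
        "banking_trojan_pattern": len(flags) >= 3,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The permissions on their own are legitimate (a dialer needs CALL_PHONE, an SMS client needs READ_SMS), so the script scores the combination rather than any single permission; a flashlight app that asks for overlays, SMS, contacts and calls together is what warrants a closer look. On Android 6.0 and later, SYSTEM_ALERT_WINDOW also has to be granted by the user in Settings, which is one reason the article's reported target range stops at Marshmallow.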
According to the CEO and founder of SfyLabs, Cengiz Han Sahin, the cyber criminals behind Red Alert 2.0 are renting the banking Trojan for a low price of $500. Right now its development is very active, as new HTML overlays are created almost every two days. Aside from that, Red Alert’s developers are also currently working on SOCKS and VNC modules that will add remote control features on infected devices, enhancing its RAT-like functions. Sahin also mentioned that Red Alert caught his security team’s attention as this banking Trojan is one of the few Android banking Trojans built from scratch in the past few years.
According to security experts, Red Alert 2.0 targets smartphones running Android versions from the oldest up to Android 6.0 Marshmallow. So anyone who runs these Android versions should be aware and cautious. Experts also say that Red Alert comes with support for showing HTML overlays for over 60 banking and social media apps and does not seem to target users in any particular place. Instead, it uses a shotgun approach that provides overlays for the most well-known banks and financial institutions.
To avoid Red Alert 2.0, users must steer clear of third party app stores and stick to the apps available only on the Google Play Store. Although the Google Play Store isn’t without its flaws, it’s still way better than those third party app stores.