Red Alert malware warning
Android banking trojan
A new strain of malware that targets banking and social networking apps has been discovered.
According to SC Magazine, Android banking trojan Red Alert 2.0 can steal the credentials of victims as well as their contacts. The malware also takes over SMS functions and blocks all calls associated with banks and financial associations.
The malware is reported to feature functions that have not been seen in other Android banking trojans. When the user opens an application that is targeted by Red Alert, the malware shows an overlay on top of it. When the user tries to log in, they are greeted with an error page. The credentials themselves are then sent to the command-and-control (C2) server.
Researchers found that Red Alert malware managed to infiltrate several third-party app stores with fake apps, such as messengers, image tools and flash players.
Chris Hodson, EMEA CISO at Zscaler, told SC Media UK that while Trojan techniques continue to evolve, the underlying vector is almost always some form of social engineering.
“In the case of Red Alert 2.0, social engineering is coming via an Android banking application. Security professionals, now more than ever, have a duty of care to educate users,” he said.
“Business policies need to restrict the downloading of applications from anywhere other than trusted app stores. The majority of Android malware is still delivered from third-party app stores. In the case of Red Alert 2.0, once installed, the options for revoking the malware's rights are limited. For example, the Alert actors are seen to be regularly blocking incoming calls of banks which can have a detrimental effect on the process of a fraud operation.”
To read the SC Magazine report in full, visit: https://www.scmagazineuk.com/red-alert-banking-malware-steals-credentials/article/689963/