
Red Alert 2.0 Newest Android Banking Trojan

Sep 20, 2017

We have some bad news: a new banking Trojan called Red Alert 2.0 is hitting Android devices. The Trojan was discovered by researchers from SfyLabs, who first saw it on a Russian-speaking hacking forum. Their report was then shared with Bleeping Computer.

Red Alert 2.0 might have only been developed within the past few months. This means that not a lot of people who have Android devices know about Red Alert 2.0. Read on to learn about this new banking Trojan and how it could end up impacting you and your personal information.

Red Alert 2.0 Banking Trojan Has Yet to Hit Google Play Store

The good news about the Red Alert 2.0 banking Trojan is that it appears it has not impacted the Google Play Store yet. Since this banking Trojan was just developed, that means it has not officially been released into the wild yet. Researchers were able to find a couple of apps infected with this Trojan, and have even tracked down the C&C servers that managed Red Alert 2.0. These apps were all found on third-party app stores and were not part of the Google Play Store. As of right now, Red Alert 2.0 has not appeared on the Google Play Store, but the threat is definitely real.

The Red Alert 2.0 banking Trojan works like other similar Trojans that focus on banking. This means that it will hide within the banking or social app, and it does this by putting up an HTML-based overlay screen. Essentially, the Android user is shown an error and is then asked to reauthenticate.

Your information is then sent to the C&C servers once you have entered it into the app with the overlay screen. The people in control of Red Alert 2.0 will then have access to your banking and personal information. This could result in someone using your debit or credit card to make purchases.

Red Alert 2.0 Banking Trojan Steals Personal Information

Since this is a banking Trojan, the biggest problem is that it can steal your financial and personal information. From credit card numbers to expiration dates and your name, it is all at risk with this malware. Beyond that, the Red Alert 2.0 banking Trojan can even post messages to your social media website.

This app will put the overlay screen on both banking and social media apps, so there is a double threat with the Trojan. If the hacker gets your social media information, spam messages or fake likes could be an issue.

Beyond all of this, Red Alert 2.0 can also steal your contacts. Once your Android device is infected, the contacts you have stored in your Android device become a target. This means that the SMS functionality of your device is also taken over. The Trojan will suppress your notifications as well as bypass two-factor authentication. There is also a new ability with Red Alert 2.0, according to the forum advertisements of Red Alert.

This new ability is tucked into the code base, and it will automatically block incoming phone calls. The phone calls being blocked by this Trojan are those coming from financial institutions. Given that this malware goes after your financial information, it makes sense that it would not want you to know what is going on.

Red Alert 2.0 Impacts Android Marshmallow & Below

The good and bad news here is that Red Alert 2.0 is affecting devices that are running Android Marshmallow and below. Android Marshmallow is version 6.0, which is two versions behind the new Android 8.0 Oreo. The bad news about this is that a lot of people, according to the Distribution Report, are using Android Marshmallow. Android Marshmallow and Android Lollipop, which is version 5, are the two most used Android versions worldwide.

Android users are typically not the ones to immediately update to the newest operating system release. So while the good news is that we have not seen Red Alert 2.0 on the Google Play Store yet, it comes with downsides. The biggest downside is that Android Marshmallow and Android Lollipop are the most common operating systems on Android. Over 60 different social media and banking apps are targeted by this malware.

By that, we mean that overlay screens have been developed for over 60 different banking and social media apps. We expect that number to grow as this new Trojan gets distributed in a more widespread manner. For now, the best way to avoid Red Alert 2.0 is to not use any third-party app stores. The third-party app stores are responsible for tons of malware and viruses, and seem to be the biggest target for these hackers and scammers.
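To check a device against the two exposure factors named above (Android Marshmallow or below, and apps from outside the Google Play Store), the following is an added example, not code from SfyLabs or the article. It assumes you have captured the output of `adb shell getprop ro.build.version.sdk` and `adb shell pm list packages -i -3`; the sample output and the function names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
MARSHMALLOW_API = 23                # Android 6.0; the article says 6.0 and below are affected

# Constructed sample of `adb shell pm list packages -i -3` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.chat  installer=com.example.altstore
package:com.example.notes  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and any adb warnings mixed into the output
        src = m.group("src")
        result[m.group("pkg")] = None if src == "null" else src
    return result


def exposure_report(sdk_level, pm_output, trusted=(PLAY_STORE,)):
    """Report whether the OS is in the affected range and which apps came from outside Play."""
    installers = parse_installers(pm_output)
    outside = sorted(
        (pkg, src or "no installer recorded")
        for pkg, src in installers.items()
        if src not in trusted
    )
    return {
        "os_in_affected_range": sdk_level <= MARSHMALLOW_API,
        "non_play_packages": outside,
    }


if __name__ == "__main__":
    report = exposure_report(sdk_level=23, pm_output=SAMPLE_PM_OUTPUT)
    print("Android 6.0 or below:", report["os_in_affected_range"])
    for pkg, src in report["non_play_packages"]:
        print(f"review: {pkg} (installed via {src})")
```

A package listed here is not necessarily malicious; it is simply one that did not come through the Google Play Store and is worth reviewing first.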