The recent discoveries of dangerous variants of Android banking Trojan families, including Faketoken, Svpeng, and BankBot, present a significant threat to online users, who may have their login credentials and valuable personal information stolen.
Security researchers from SfyLabs have now discovered a new Android banking Trojan that is being rented on many dark websites for $500 per month, SfyLabs' researcher Han Sahin told The Hacker News.
Dubbed Red Alert 2.0, the Android banking malware has been fully written from scratch, unlike other banking trojans, such as BankBot and ExoBot, which were evolved from the leaked source code of older trojans.
The Red Alert banking malware has been distributed via many online hacking forums for the last few months, and its creators have continuously been updating the malware to add new functionalities in an effort to make it a dangerous threat to potential victims.
Malware Blocks Incoming Calls from Banks
Like most other Android banking trojans, Red Alert has a large number of capabilities, such as stealing login credentials, hijacking SMS messages, displaying an overlay on top of legitimate apps, and contact list harvesting, among others.
Besides this, Red Alert actors have also added an interesting functionality to the malware: blocking and logging all incoming calls associated with banks and financial associations.
This would potentially allow the Red Alert malware to prevent warnings of a compromised account from being received by the victims from their associated banks.
Malware Uses Twitter As Backup C&C Infrastructure
Another most interesting thing about Red Alert 2.0 is that it uses Twitter to avoid losing bots when its command and control server is knocked offline.
"When the bot fails to connect to the hardcoded C2 it will retrieve a new C2 from a Twitter account," SfyLabs researchers said in a blog post. "This is something we have seen in the desktop banking malware world before, but the first time we see it happening in an Android banking trojan."
Red Alert 2.0 is currently targeting victims from more than 60 banks and social media apps across the world and works on Android 6.0 (Marshmallow) and previous versions.
Here's How the Red Alert 2.0 Trojan Works:
Once installed on a victim's phone via a third-party app store, the malware waits for the victim to open a banking or social media app whose interface it can simulate, and once detected, the Trojan immediately overlays the original app with a fake user interface.
The fake interface then informs the victim that there is an error while logging the user in and requests the user to re-authenticate his/her account.
As soon as the user enters the credentials into the fake user interface, Red Alert records them and sends them to the attacker-controlled command and control (C&C) server to be used by the attackers to hijack the account.
In the case of banking apps, the recorded information is used by attackers to initiate fraudulent transactions and drain the victim's bank account.
Since Red Alert 2.0 can also intercept SMS text messages received by the infected smartphone, the trojan could work around two-factor authentication techniques that are otherwise designed to limit such attacks.
Ways to Protect Yourself Against Such Android Banking Trojans
The easiest way to prevent yourself from being a victim of one such mobile banking Trojan is to avoid downloading apps via third-party app stores or links provided in SMS messages or emails.
Just to be on the safer side, go to Settings → Security and make sure the "Unknown sources" option is turned off on your Android device, which blocks installation of apps from unknown sources.
Most importantly, verify app permissions before installing any app, even from the official Google Play Store, and if you find any application asking for more than what it is meant for, just do not install it.
It is always a good idea to install an anti-virus app from a reputed vendor that can detect and block such a Trojan before it can infect your device.
Also, always keep your system and apps up-to-date.
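The permission check advised above can be done before installation by reading an app's decoded manifest. The following is an added example, not code from the article or from SfyLabs. The mapping from the capabilities described above to Android permissions, the two-group review threshold, and the sample manifests are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article): standard Android permissions that
# would enable each capability the article attributes to this trojan family.
CAPABILITY_PERMISSIONS = {
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "contact_harvesting": {"android.permission.READ_CONTACTS"},
    "call_handling": {"android.permission.READ_PHONE_STATE",
                      "android.permission.CALL_PHONE",
                      "android.permission.READ_CALL_LOG"},
}

def audit(manifest_xml, expected=()):
    """Group requested permissions by capability; flag those the app's purpose does not explain."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}
    unexpected = sorted(cap for cap in hits if cap not in expected)
    # Assumed triage rule: two or more unexplained capability groups -> manual review.
    return {"package": root.get("package"), "capabilities": hits,
            "unexpected": unexpected, "review": len(unexpected) >= 2}

# Constructed sample manifests (decoded text XML, e.g. as produced by apktool).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
FLASHLIGHT = f"""<manifest {NS} package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
MESSENGER = f"""<manifest {NS} package="com.example.messenger">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(FLASHLIGHT))
    print(audit(MESSENGER, expected=("sms_interception", "contact_harvesting")))
```

The `expected` argument carries the reviewer's judgement of what the app is meant to do, so the same permissions pass for a messaging app and are flagged for a flashlight app.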