Security researchers have discovered a new banking Trojan targeting Android. The malware, dubbed Red Alert 2.0, can block incoming calls from banks, read and exfiltrate the contact list, control SMS (read, send and block messages), and harvest login credentials and other personal information.
Red Alert 2.0 is a new malware-for-rent written from scratch rather than derived from a leaked codebase. Besides the capabilities common to existing banking Trojans, it adds several more advanced ones, described below. Its author is renting it out for just $500.
At the time of reporting, this malware had not been seen in Google Play; it was distributed only through third-party app stores, typically disguised as a legitimate app or update. Android users who install apps exclusively from Google Play are therefore not exposed to the campaign as described. Installing only from the official store is standard advice because Google Play has a vetting and an ongoing monitoring process that third-party stores lack. It is a risk reduction, not a guarantee: there have been numerous instances of malicious apps passing through official-store review.
Present-day malware is also harder to catch at install time. Malware authors ship clean-looking dropper apps that carry no malicious payload themselves and fetch it only after installation, which evades detection products that rely on signature-based blocklists of known malicious files.
How does the Malware Infect the Device
Red Alert 2.0 arrives bundled inside a trojanized application. Once installed it stays dormant and shows no visible activity. It becomes active only when the victim opens a targeted banking (or other financial) app or a social-media app. At that moment the malware draws an overlay on top of the legitimate app: a fake screen, styled to match the app, that reports a problem and asks the victim to enter their credentials again. Whatever is typed into the overlay is captured and sent to the attackers' command-and-control (C&C) server. The criminals then use the stolen credentials to perform fraudulent transactions, intercepting any SMS one-time codes through the SMS control described above.
The malware also lets the threat actor steal the contact list and use it to spread spam.
What makes this family more dangerous is that it can block incoming calls from banks and other financial institutions. If the bank calls to confirm or warn about a suspicious transaction, the call never reaches the victim. A second advanced feature is its fallback channel: if the malware cannot reach its C&C server, it polls specific Twitter accounts to obtain updated server information, so taking down a single C&C host does not disable the botnet.
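The infection flow and capability list above map onto a recognisable set of Android permissions: drawing over other apps (the overlay), receiving and sending SMS, reading contacts, and inspecting or controlling phone calls, plus a way to learn which app is in the foreground. The following script, added here as an illustration and not code from the original report or from any vendor, parses the `requested permissions:` and `installerPackageName=` fields of `adb shell dumpsys package` output and flags packages that combine the overlay permission with several of the other capability buckets, while also noting whether the package came from Google Play. The permission buckets, the scoring threshold and the sample dumpsys text are assumptions constructed for the example; the package names in the sample are fictitious.

```python
"""Heuristic triage of installed Android packages for overlay-banker capabilities.

Constructed example: feeds a small, made-up excerpt of `dumpsys package` output
through a parser and a scoring function.  Real input would come from
`adb shell dumpsys package` on the device under investigation.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

PLAY_STORE_INSTALLER = "com.android.vending"  # installer name Google Play records

# Capability buckets mirroring the behaviour described in the article.  The
# grouping and the threshold below are heuristic assumptions for this example.
BUCKETS: Dict[str, Set[str]] = {
    # drawing a fake login screen over the real app
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    # reading, sending and suppressing SMS (one-time codes, spam)
    "sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
            "android.permission.SEND_SMS"},
    # harvesting the contact list
    "contacts": {"android.permission.READ_CONTACTS"},
    # observing and interfering with phone calls
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_PHONE_STATE",
              "android.permission.ANSWER_PHONE_CALLS"},
    # learning which app is in the foreground (GET_TASKS is deprecated but
    # still requested by older overlay malware; usage stats is the modern route)
    "foreground": {"android.permission.GET_TASKS",
                   "android.permission.PACKAGE_USAGE_STATS"},
}


@dataclass
class PackageInfo:
    name: str
    installer: Optional[str] = None
    permissions: Set[str] = field(default_factory=set)


def parse_dumpsys(text: str) -> List[PackageInfo]:
    """Extract package name, installer and requested permissions from dumpsys output."""
    packages: List[PackageInfo] = []
    current: Optional[PackageInfo] = None
    in_requested = False
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Package \[([\w.]+)\]", line)
        if header:
            current = PackageInfo(header.group(1))
            packages.append(current)
            in_requested = False
            continue
        if current is None:
            continue
        if line.startswith("installerPackageName="):
            value = line.split("=", 1)[1]
            current.installer = None if value == "null" else value
        elif line == "requested permissions:":
            in_requested = True
        elif line.endswith(":"):
            # any other section header (install permissions:, runtime permissions:, ...)
            in_requested = False
        elif in_requested and line and " " not in line and ":" not in line:
            current.permissions.add(line)
    return packages


def assess(pkg: PackageInfo) -> dict:
    """Score one package: which capability buckets it requests and whether it was sideloaded."""
    hits = {name: sorted(pkg.permissions & perms) for name, perms in BUCKETS.items()}
    capabilities = [name for name, perms in hits.items() if perms]
    sideloaded = pkg.installer != PLAY_STORE_INSTALLER
    # A messenger legitimately holds SMS and contacts permissions; what it has no
    # reason to hold is the overlay permission.  Overlay plus at least two other
    # buckets is the combination the article describes.
    suspicious = "overlay" in capabilities and len(capabilities) >= 3
    return {"package": pkg.name, "sideloaded": sideloaded,
            "capabilities": capabilities, "suspicious": suspicious, "hits": hits}


def triage(text: str) -> List[dict]:
    return [assess(p) for p in parse_dumpsys(text)]


# Constructed sample: a bank app, a messenger and a sideloaded "update" app.
# Package names are fictitious; the format follows `dumpsys package` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.bank] (1a2b3c):
    userId=10142
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
      android.permission.USE_FINGERPRINT
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.messenger] (4d5e6f):
    userId=10150
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.fakeupdate] (7a8b9c):
    userId=10161
    installerPackageName=null
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.RECEIVE_SMS
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS
      android.permission.CALL_PHONE
      android.permission.READ_PHONE_STATE
      android.permission.GET_TASKS
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    for result in triage(SAMPLE_DUMPSYS):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        source = "sideloaded" if result["sideloaded"] else "Google Play"
        print(f"{result['package']:<28} {flag:<10} {source:<12} {result['capabilities']}")
```

On the sample, only the sideloaded package is flagged: it requests the overlay permission together with SMS, contacts, call and foreground-watching permissions, while the messenger, which legitimately needs SMS and contacts, is left alone. Note that the overlay permission alone is not evidence of malice (screen filters and chat heads use it); the signal is the combination, and on Android 8 and later the `installerPackageName` field also tells you directly whether the app bypassed the store the article recommends.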
Do not install apps from unknown sources or third-party app stores. IT administrators should enforce this through device policy where possible, not just through guidance, and educate employees and users to install apps only from the official store.
As Android's installed base grows, criminals are shifting more of their effort from Windows towards Android for a simple reason: more devices means more potential victims per campaign.
Some security researchers also worry that variants of Red Alert 2.0 could be adapted to Android-based point-of-sale (POS) terminals. A compromised terminal would not only leak card data from that device but could serve as a foothold for reaching other devices on the same network. This remains speculation; no such variant has been reported.