A new Android banking malware called Red Alert 2.0 has recently been uncovered by security researchers. The malware is targeting over 60 bank and social media apps on Google Play. Unlike other prolific Android trojans such as BankBot, Exobot and others, Red Alert has been written from scratch.
According to security researchers at SfyLabs, who uncovered the malware, Red Alert comes with data-stealing features that allow the cybercriminal(s) operating it to steal users' credentials and contacts. The malware also hijacks SMS functions and blocks all calls associated with banks and financial associations.
The malware also uses Twitter to avoid losing bots when its C&C (command and control) server is taken down. "When the bot fails to connect to the hardcoded C2 it will retrieve a new C2 from a Twitter account. This is something we have seen in the desktop banking malware world before, but the first time we see it happening in an Android banking trojan," researchers said in a blog post.
The hacker(s) behind Red Alert is also renting the malware out for just $500 (£370), Cengiz Han Sahin, CEO and founder of SfyLabs, told Bleeping Computer. The malware author has also been actively adding features to Red Alert, including one that would give the malware remote control powers over infected devices.
According to Sahin, the malware is currently targeting Android Marshmallow and previous versions. At present, the malware is targeting popular banks and financial institutions instead of focusing on targets according to location.
Researchers also said that all the apps spreading Red Alert were hosted on third-party Android app stores. To stay safe from such trojans, it is highly recommended that users refrain from visiting and downloading apps from third-party app stores and stick to downloading apps from Google Play.