Red Alert Android Trojan v2.0 aimed at multinational banks is being rented for $500 per month

SpiderLabs, a security lab of cybersecurity company’s Trustwave, released a report last week that the Red Alert Android Trojan v2.0, which was released in September last year, currently costs $500 per month in underground forums.

The Trojan can steal information from infected devices, including SMS messages and contact beliefs, and even intercept bank calls, and keep in touch with the bot via Twitter while his command and control (C&C) server is online.

Another researcher at SfyLabs, a network security company, described the threat in detail last September, saying that Red Alert v2.0 contains about 60 HTML overlays for stealing login credentials. At the same time, it was revealed that the update of its malicious program was still continuously released during the attack.

According to the latest report released by SpiderLabs, Red Alert v2.0 developers are currently vigorously promoting the Trojan, the target located in Australia, Austria, Canada, the Czech Republic, Poland, Denmark, Germany, France, Lithuania, India, Italy, Ireland Nearly 120 banks in Japan, New Zealand, Romania, Spain, Sweden, Turkey, the United Kingdom and the United States.

In addition, Red Alert v2.0 developers also claim that the Trojan can be used in some payment systems (such as PayPal, Airbnb, Coinbase, Poker Stars, Neteller, Skrill, and Unocoin Bitcoin Wallet India) and life service software and social software (such as Amazon, eBay, LINE, GetTaxi, Snapchat, Viber, Instagram, Facebook, Skype, UBER, WeChat and WhatsApp).

Red Alert v2.0 has also been advertised as being able to intercept and send SMS messages and launch Android installation packages. Its developers also claim that new features are being developed, injections can be built based on customer requirements, and updates are released every two weeks. The rental fee is very flexible, which includes $200 for seven days, $500 for one month, or $999 for two months.

SpiderLabs researchers pointed out that similar to other malware, the attack vector of Red Alert v2.0 is also a spam email attachment. Also, according to VirusTotal’s scan results, 25 out of 59 anti-virus products can be detected.

VirusTotal’s scan results are undoubtedly good news, at least shows that Red Alert v2.0 is not too bright to evade detection method. Distributing via e-mail means that as long as we maintain good e-mail usage habits, don’t believe and open any e-mails from unknown sources, we can avoid it well.

At the end of the report, SpiderLabs researchers also said that they did not see more incoming email samples, perhaps because this event was not successful.

Below a video published by the researchers that shows the malware in action:

Trustwave concludes

“To wrap-up, we had fun reverse engineering this Android malware and learned a lot. It was interesting to see APK malware being spammed via email, but we wonder how effective the strategy really is for the bad guys.”

“The malware required the user to OK to install, and Android pops up plenty of warnings about permissions. Also, Google Play Protect was detecting this threat, so in order to get the malware installed on Android, we also had to disable Play Protect. We haven’t seen any more samples being spammed, so perhaps the email campaign was not so successful after all.”

Source, Image: trustwave