Home/News/RedWing Android Malware Offered as Telegram Bank Fraud Service
The Hacker News2 min read

RedWing Android Malware Offered as Telegram Bank Fraud Service

A new Android malware operation named RedWing is being offered as a rental service on Telegram, functioning as a ready-made bank fraud tool. This operation allows individuals with limited technical expertise to compromise victims' phones, steal banking login credentials, and intercept crucial one-time passcodes used for account security. The discovery was made by Zimperium's zLabs, which identified RedWing as a potential new variant of Oblivion, a previously known rent-a-malware service that was priced at $300 per month.

The RedWing service appears to be designed for ease of use, lowering the barrier to entry for cybercriminals. By providing a complete package for malicious activities, it enables a broader range of actors to engage in sophisticated mobile banking fraud. The malware's capabilities include not only the theft of login information but also the capture of time-sensitive authentication codes, which are vital for multi-factor authentication systems used by many financial institutions. This dual functionality significantly increases the risk of account takeover for targeted users.

Zimperium's analysis indicates that the rental model on Telegram is a growing trend in the malware-as-a-service (MaaS) landscape. This approach allows developers to monetize their creations by leasing them to other criminals, while the lessees benefit from pre-built tools without needing to develop their own malware. The specific pricing and operational details of the RedWing rental service on Telegram were not fully disclosed, but its connection to Oblivion suggests a similar business model focused on accessibility and recurring revenue for the malware operators.

The emergence of RedWing highlights the evolving tactics of mobile banking fraud. Threat actors are increasingly leveraging MaaS platforms to distribute sophisticated malware, making it more challenging for security researchers and law enforcement to track and dismantle these operations. The ability to rent such tools on encrypted messaging platforms like Telegram further complicates detection and mitigation efforts, as these channels are often used for clandestine communication and transactions within the cybercriminal underground.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next