Red Alert 2.0 trojan was detected in third-party Android app stores

Red Alert 2.0 trojan attacked more than 60 banking apps

Dangerous banking trojan has been reported attacking Android users. Known as Red Alert 2.0, the virus spreads via third-party app stores^[1] and targets more than 60 banking apps, as well as social media apps, including Instagram, Viber or WhatsApp.

According to the security firm SfyLabs,^[2] malware is also being distributed as Flash Player, Android, Google Market and other apps’ updates. According to the latest data, any apps on Google Play store were not infected with this recent cyber threat.

Developers of the Trojan were spotted trying to rent the virus in numerous hacking forums for only 500 USD per month.^[3] The malicious program is promoted as a unique trojan. Indeed, the research confirmed that Trojan’s code is written from scratch. In the commercial advert, authors also tell that they provide updates regularly:

“Also We update the software every time in 2 weeks with various functionalities and updates for our customers free of charge.”

Red Alert 2.0 might attack all versions of Android versions, including the latest 6.0 (Marshmallow) and earlier. In addition, malware might also hijack SMS messages, harvest contact list and run other malicious activities.

The trojan asks to re-enter login details on fake overlay screen

When a user installs and opens a compromised app, the virus displays a fake HTML-based overlay screen. This window shows a particular error and asks to enter login details again. One user types his or her login and password, the trojan collects it and sends to its Command and Control (C&C) server.

Since then cyber criminals can access user’s account and steal money from bank easily. However, financial organizations usually notice malicious activities and contact their customers. However, Red Alert 2.0 might block incoming calls from banks.^[4] This unique and nasty feature makes the virus even more dangerous.

The analysis of the virus also revealed that it uses Twitter to protect bots if its C&C server goes offline. Therefore, if a normal bot connection fails, it can obtain the information from Twitter account. According to the specialists, this feature hasn’t been included in previous banking trojans.

Staying away from third-party download sites is crucial to avoid Red Alert 2.0

Security experts note that the only way to minimize the possibility to get infected with mobile banking trojan or Android virus is to use safe app stores, such as Google Play store. Numerous third-party sites often include fraudulent apps that are malicious.

However, in the past, we saw that malicious programs might bypass Google Play store’s security too. Red Alert might not be an exception too. Thus, extra precautions are obviously needed:^[5]

1. Check information about the published and rely on well-known developers.
2. Read user’s review inside and outside the app store.
3. Protect your Android device with reputable anti-virus, anti-malware or anti-spyware.