Home > Cyber News > Red Alert 2.0 Android Trojan Offered on The Hacker Markets

Red Alert 2.0 Android Trojan Offered on The Hacker Markets

Red Alert 2.0 Android Trojan image sensorstechforum com

Security experts have discovered that a new threat has appeared on the hacker underground markets called the Red Alert 2.0 Android Trojan. It is an updated version of a previous virus made for the mobile operating system which can cause significant damage to the infected hosts.

Red Alert 2.0 Android Trojan For Sale

Recently security researchers discovered a dangerous attack campaign carrying a sophisticated Android Trojan, the subsequent analysis reveals that it is a new version of a previous known threat. The new virus is called the Red Alert 2.0 Android Trojan and its main delivery technique at the moment seems to be the use of email SPAM messages. The hacker operators utilize social engineering tactics in order to persuade the intended victims into downloading and running the instances. They may be either directly attached or hyperlinked in the body contents.

The analysis reveals that various versions of it are being offered on the hacker underground markets for a monthly access prise of $500. The fact that we are already seeing attacks carrying it shows that the hackers on both sides (the creators and the clients) are actively using it as a formidable weapon against individual users, companies and even government facilities. The performed security analysis confirms that that it is an original creation and does not share any code with any of the other famous Android Trojan instances.

Related Story: Android Red Alert Malware – How to Detect and Remove It

It appears that the Android Trojan targets mainly banking users located in countries like such as: Australia, Austria, Canada, Czech Republic, Poland, Denmark, Germany, France, Lithuania, India, Italy, Ireland, Japan, New Zealand, Romania, Spain, Sweden, Turkey, United Kingdom, and the United States.

Red Alert 2.0 Android Trojan Capabilities

Upon execution the main infection engine is engaged with the task of preparing the host devices for a deep infection. This is done by first starting a data harvesting component that creates a complete hardware profile of the victim devices and can also expose the victim’s identity. This is made by harvesting strings such as their name, address, location, interests, passwords and account credentials.

The virus can perform a variety of dangerous actions such as the disruption of calls, messages and certain application functions. One of the most important modules it possesses is the ability to create a secure connection to a hacker-controlled server. It is used to receive instructions from the criminals, harvest the data or deploy additional threats.

The malware engine targets popular payment services and mobile apps that are widely used by the users. Some of the Trojan components are the following:

  • WatchDogService — sets timers to ensure that malware is running periodically.
  • ControlService registers the device bot, as well as starting up the ReadCommandThread: waits for instructions from the C&C server.
  • Ensures that device is connected to the C&C server
  • BootReceiver — ensures all functionality is up and running when machine is rebooted. This boot receiver ensures that the watchdog service is run every 10 secs or 30 secs depending on the version of the OS.
  • SmsReceiver — intercepts SMS messages.

The hacker operators can use a web graphical user interface in order to control the infected hosts. It allows the hacker operators to selectively take over control of individual devices or generate reports about their attack campaigns. The Red Alert 2.0 Android Trojan can be used to perform most banking attacks by downloading signatures of banking apps and creating overlays on top of the regular user-installed apps. This allows the criminals to obtain the victim account credentials. If configured so the malicious code can intercept two-factor authentication messages. The banking Trojan can also modify the destination addresses of transactions and cryptocurrency wallet operations.

We expect more hacker groups to leverage it against users worldwide. At the moment not all security software can detect the current versions.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree