apk.redalert2

RedAlert2


RedAlert 2 is a new Android malware used by an attacker to gain access to the login credentials of various e-banking apps. The malware works by overlaying a login screen with a fake display that sends the credentials to a C2 server.
The malware can also block incoming calls from banks, to prevent the victim from being notified.
As a distribution vector, RedAlert 2 uses third-party app stores and imitates real Android apps like Viber and WhatsApp, or poses as fake Adobe Flash Player updates.

References
2017-09-20 | Trend Micro | Trend Micro
Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores
RedAlert2

2017-09-01 | ThreatFabric | Cengiz Han Sahin, Wesley Gahr
New Android trojan targeting over 60 banks and social apps
RedAlert2

There is no Yara-Signature yet.