Openhunting Threat Library

Red Alert

Red Alert, Red Alert 2.0
(Type: Banking trojan, Credential stealer)

(Bleeping Computer) While Red Alert is a new addition to the mobile banking scene, the trojan works similarly to past threats. The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking him to reauthenticate. Red Alert then collects the user's credentials and sends them to its C&C server.

[News Analysis] Trends:

Total Trend: 1

Trend Per Year
1
2017


Trend Per Month
1
Jan 2017



[News Analysis] News Mention Another Threat Name:

0 - Red Alert


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

News Article (Credit @Malpedia)

Tweet on Red Alert

2017-01-03 by Jaromír Hořejší from Twitter (@JaromirHorejsi)

Basic Information (Credit @etda.or.th)

Tool: Red Alert

Names: Red Alert, Red Alert 2.0

Description: (Bleeping Computer) While Red Alert is a new addition to the mobile banking scene, the trojan works similarly to past threats. The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking him to reauthenticate. Red Alert then collects the user's credentials and sends them to its C&C server.

Category: Malware

Type: Banking trojan, Credential stealer

Information: https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/

Information: https://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html

Information: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/red-alert-2-0-android-trojan-spreads-via-third-party-app-stores

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.red_alert

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/apk.redalert2

Last-card-change: 2020-05-22

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact