Close Menu
    What's Hot

    Andrea Shaw, Plaintiff in Anti-Vaccine Suit, Is Charged With Murder of Her Twins

    Republican Leaders Say They’ve Spoken With Mitch McConnell Since Hospitalization

    The Symbols We Saw at Khamenei’s Funeral

    Facebook X (Twitter) Instagram
    Trending
    • Andrea Shaw, Plaintiff in Anti-Vaccine Suit, Is Charged With Murder of Her Twins
    • Republican Leaders Say They’ve Spoken With Mitch McConnell Since Hospitalization
    • The Symbols We Saw at Khamenei’s Funeral
    • I.O.C. Lifts Russia’s Olympic Suspension, Clearing the Way for 2028
    • Taiwanese Polls Show Trust in Japan Defense Pledges
    • Discord admits AI moderation bug wrongfully banned users over harmless images
    • Ares Capital: The Market Is Wrong Here (Rating Upgrade) (NASDAQ:ARCC)
    • Argentina 3 – 2 Egypt
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

    adminBy adminJuly 7, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Swati KhandelwalJul 07, 2026Malware / Mobile Security

    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

    A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts.

    Zimperium’s zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool documented earlier this year.

    RedWing is sold as a complete product, in subscription tiers with referral discounts, guides, and how-to videos, so a buyer needs no malware-writing skill. A Telegram bot builds each buyer a custom app on demand.

    Researchers say a substantial number of the resulting droppers and payloads currently evade conventional security tools.

    Infection starts with a phishing link that opens a fake app-store page. The kit’s dropper builder can mimic Google Play, the Galaxy Store, and AppGallery, or build fully custom pages, complete with fake ratings, reviews, and download counts. The page then coaxes the user into installing the app from outside the official store and approving its permissions.

    Cybersecurity

    The app stages its permission requests one screen at a time. A harmless-looking web page sits in the background while pop-up cards request permissions framed as routine: turn off battery limits, set the app as the default text-message handler, and switch on notifications.

    It also asks to turn on Android’s Accessibility service, which malware abuses to read the screen and control the phone.

    With those permissions, RedWing has broad control of the phone. Its capabilities include:

    • Fake login screens, called overlays, that appear over real banking and cryptocurrency apps to steal passwords.
    • Reading incoming texts for one-time passcodes, and using Accessibility to lift codes, card numbers, and PINs off the screen as they appear.
    • Silently switching the victim’s incoming calls over to the attacker, using a hidden carrier code (*21*) to turn on call forwarding, which knocks out phone-based verification and bank fraud-check calls.
    • Live screen streaming and a keylogger, so operators can watch and control the phone in real time.
    • Switching on the camera and microphone, reading files, stealing contacts and call logs, and tracking location.
    • Pooling infected phones to flood a target website with traffic, a denial-of-service attack.

    Buyers choose their own targets, and the malware splits its targeting into two. The apps it watches through Accessibility are baked into each copy, which points to a fresh app being built to order once a buyer picks targets. The overlay targets, by contrast, can be changed later from the control panel without pushing out a new app.

    Zimperium counted 82 targeted institutions across several sectors, with a strong focus on Russian financial firms, though that list can shift at any time. The evidence points to the Russian market: one sample used a fake page for Russia’s RuStore. Experts say the operation appears linked to Russian threat actors but stops short of confirming it.

    RedWing fits a wider move in Android crime toward on-device fraud, where attackers operate inside the victim’s own banking session instead of stealing a password to use elsewhere.

    Cybersecurity

    Researchers flagged a near-identical Russian-market rental kit, Fantasy Hub, last year. The same techniques turn up in Albiriox, aimed at more than 400 finance apps, and Klopatra, which used hidden remote control and fake overlays to drain accounts while victims slept.

    RedWing needs no Android exploit. It works only when a user installs the app from outside an official store and approves the prompts, so the first line of defense is what happens at install time. For individuals:

    • Install apps only from official stores, and treat any “update” that arrives by link or text message as suspect.
    • Do not turn on “install from unknown sources,” and do not grant Accessibility, default text-message handler, or battery-exemption access to an app with no clear reason to need it.
    • Watch for an app that hides its icon after it installs, a common trick for staying out of sight.

    On managed devices, the same choices can be enforced centrally: block sideloading, and flag apps that request Accessibility or the default-SMS role.

    Researchers have also published indicators of compromise for teams that want to hunt for it. Because the kit can be reskinned and its overlay targets swapped from a panel, the same code can keep resurfacing under new names, so app names are a poor way to track it. The behavior is the signal, not the name.

    Android Bank fraud MaaS Packages RedWing Rental service Telegram
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleWhy is everyone talking about John Oliver and ‘General Hospital’?
    Next Article Argentina 3 – 2 Egypt
    admin
    • Website

    Related Posts

    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    July 7, 2026

    Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

    July 7, 2026

    Bank of England plans to ease capital rule for UK lenders

    July 7, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Andrea Shaw, Plaintiff in Anti-Vaccine Suit, Is Charged With Murder of Her Twins

    Republican Leaders Say They’ve Spoken With Mitch McConnell Since Hospitalization

    The Symbols We Saw at Khamenei’s Funeral

    I.O.C. Lifts Russia’s Olympic Suspension, Clearing the Way for 2028

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by