RedAlert2 (d10f8cd5-0077-4d8f-9145-03815a68dd33)
The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user to an error and asking them to re-authenticate. Red Alert then collects the user's credentials and sends them to its C&C server.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
RedAlert2 (e9aaab46-abb1-4390-b37b-d0457d05b28f) | Malpedia | RedAlert2 (d10f8cd5-0077-4d8f-9145-03815a68dd33) | Android | 1 |