← All stories
● Covered by 1 source Β· 1 reportHigh impact

RedWing Android Malware Sold on Telegram for Bank Fraud Operations

Aggregated by BrevFeed security Β· updated 2h ago
πŸ”– Save

A new malware service called RedWing is being rented on Telegram, enabling low-skilled criminals to perform bank fraud by taking over victims' phones. The service includes features like fake login overlays, interception of one-time codes, and remote control of devices, making it a substantial threat to security.

Key points

Introduction to RedWing Malware

RedWing is a newly identified Android malware that is being marketed on Telegram as an accessible tool for bank fraud. This operation enables even those with limited technical skills to compromise a victim's phone and harvest sensitive financial information. By renting this malware package, criminals can conduct sophisticated attacks without needing expertise in malware development.

How RedWing Works

The malware is presented as a complete product with subscription tiers offering customization features. Through a Telegram bot, buyers can have personalized malware applications generated upon request. Infection typically begins with a phishing link leading to a fake app store page, which can mask itself as official platforms, enticing users to download and install harmful applications.

Functionality and Capabilities

Once installed, RedWing requests a series of permissions presented as benign tasks to gain control over the device. These permissions allow the malware to overlay fake login screens on actual banking apps, read incoming messages for security codes, and exploit Android's Accessibility services for remote viewing and control. Among its capabilities are call forwarding, real-time screen streaming, keylogging, and theft of personal data.

Implications for Security

The emergence of RedWing poses a significant challenge for both users and cybersecurity professionals, as many of the employed tactics can evade traditional security measures. As the malware can dynamically target customers by creating custom applications, it represents a concerning trend in the malware rental market, potentially leading to an increase in fraudulent activities and financial theft.

Conclusion

The spreading availability of RedWing highlights the growing sophistication of cybercrime operations and the need for reinforced security measures among users. Awareness of phishing techniques and the risks associated with app installations is crucial for users to protect their financial information from such malicious services.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

A new malware service called RedWing is being rented on Telegram, enabling low-skilled criminals to perform bank fraud by taking over victims' phones. The service includes features like fake login overlays, interception of one-time codes, and remote control of devices, making it a substantial threat to security.