Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
RedWing Malware Offers Banking Fraud via Telegram

RedWing Malware Offers Banking Fraud via Telegram

Posted on July 7, 2026 By CWS

A newly emerging threat called RedWing malware is gaining traction on Telegram, where it is offered as a ready-to-use service for bank fraud. This tool enables even those with minimal technical skills to compromise a victim’s Android phone, extract banking credentials, and intercept one-time codes meant for account protection.

The Mechanics of RedWing Malware

Research by Zimperium’s zLabs, who identified this operation, indicates that RedWing is likely a new iteration of the Oblivion malware, previously available for $300 a month. This malware is marketed as a comprehensive package, complete with subscription options, discounts for referrals, and instructional content, eliminating the need for buyers to have malware development skills. A Telegram bot personalizes the application for each user upon request.

Conventional security tools often fail to detect the droppers and payloads created by RedWing. The infection process begins with a phishing link that directs users to a counterfeit app store page, which can imitate platforms like Google Play or the Galaxy Store. These pages, complete with fictitious ratings and download statistics, encourage users to install the app and grant necessary permissions.

Capabilities and Threats of RedWing

Once installed, RedWing gradually requests permissions, leveraging Android’s Accessibility service to monitor and manipulate the device. Its features include fake login overlays to capture passwords from banking and cryptocurrency apps, reading texts to intercept security codes, and using hidden codes to reroute phone calls. This enables attackers to bypass phone-based verifications and execute fraudulent transactions.

Furthermore, RedWing can perform live screen streaming, log keystrokes, and activate a device’s camera and microphone. It can also access files, contacts, and call logs, and even track the phone’s location. This malware can pool compromised devices to conduct denial-of-service attacks, overwhelming targeted websites with traffic.

Targeting and Prevention Strategies

RedWing allows its users to select specific targets, with its current focus being Russian financial institutions. Although the operation seems to be associated with Russian cyber actors, definitive links have not been established. This malware is part of a broader trend in Android-related crimes, shifting towards on-device fraud rather than merely stealing credentials for later use.

To safeguard against RedWing, individuals should only download apps from official stores and treat unsolicited updates with suspicion. It’s crucial to avoid enabling installations from unknown sources and granting unnecessary permissions to apps. Managed devices can enforce these precautions centrally by blocking sideloading and flagging apps requesting excessive permissions.

Security researchers have shared indicators of compromise to aid in detecting RedWing. The malware’s ability to be reskinned and have its overlay targets altered makes it challenging to track by name, emphasizing the importance of monitoring behavior over app names.

The Hacker News Tags:Android security, banking fraud, Cybersecurity, Malware, mobile threats, Phishing, RedWing, Russia, Telegram, Zimperium

Post navigation

Previous Post: Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
Next Post: Gitea Vulnerability Exploited Actively, Experts Alert

Related Posts

Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents The Hacker News
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware The Hacker News
Google Gemini Vulnerability Exposed by Notifications Google Gemini Vulnerability Exposed by Notifications The Hacker News
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices The Hacker News
Cybersecurity Weekly: Proxy Networks and AI Threats Cybersecurity Weekly: Proxy Networks and AI Threats The Hacker News
Emerging Cyber Threats and AI Exploit Engines Emerging Cyber Threats and AI Exploit Engines The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark