Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
RedWing Malware Offers Banking Fraud via Telegram

RedWing Malware Offers Banking Fraud via Telegram

Posted on July 7, 2026 By CWS

A newly emerging threat called RedWing malware is gaining traction on Telegram, where it is offered as a ready-to-use service for bank fraud. This tool enables even those with minimal technical skills to compromise a victim’s Android phone, extract banking credentials, and intercept one-time codes meant for account protection.

The Mechanics of RedWing Malware

Research by Zimperium’s zLabs, who identified this operation, indicates that RedWing is likely a new iteration of the Oblivion malware, previously available for $300 a month. This malware is marketed as a comprehensive package, complete with subscription options, discounts for referrals, and instructional content, eliminating the need for buyers to have malware development skills. A Telegram bot personalizes the application for each user upon request.

Conventional security tools often fail to detect the droppers and payloads created by RedWing. The infection process begins with a phishing link that directs users to a counterfeit app store page, which can imitate platforms like Google Play or the Galaxy Store. These pages, complete with fictitious ratings and download statistics, encourage users to install the app and grant necessary permissions.

Capabilities and Threats of RedWing

Once installed, RedWing gradually requests permissions, leveraging Android’s Accessibility service to monitor and manipulate the device. Its features include fake login overlays to capture passwords from banking and cryptocurrency apps, reading texts to intercept security codes, and using hidden codes to reroute phone calls. This enables attackers to bypass phone-based verifications and execute fraudulent transactions.

Furthermore, RedWing can perform live screen streaming, log keystrokes, and activate a device’s camera and microphone. It can also access files, contacts, and call logs, and even track the phone’s location. This malware can pool compromised devices to conduct denial-of-service attacks, overwhelming targeted websites with traffic.

Targeting and Prevention Strategies

RedWing allows its users to select specific targets, with its current focus being Russian financial institutions. Although the operation seems to be associated with Russian cyber actors, definitive links have not been established. This malware is part of a broader trend in Android-related crimes, shifting towards on-device fraud rather than merely stealing credentials for later use.

To safeguard against RedWing, individuals should only download apps from official stores and treat unsolicited updates with suspicion. It’s crucial to avoid enabling installations from unknown sources and granting unnecessary permissions to apps. Managed devices can enforce these precautions centrally by blocking sideloading and flagging apps requesting excessive permissions.

Security researchers have shared indicators of compromise to aid in detecting RedWing. The malware’s ability to be reskinned and have its overlay targets altered makes it challenging to track by name, emphasizing the importance of monitoring behavior over app names.

The Hacker News Tags:Android security, banking fraud, Cybersecurity, Malware, mobile threats, Phishing, RedWing, Russia, Telegram, Zimperium

Post navigation

Previous Post: Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
Next Post: Gitea Vulnerability Exploited Actively, Experts Alert

Related Posts

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks The Hacker News
Federal Push for Post-Quantum Security by 2030 Federal Push for Post-Quantum Security by 2030 The Hacker News
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign The Hacker News
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild The Hacker News
AI Agents Act Like Employees With Root Access—Here’s How to Regain Control AI Agents Act Like Employees With Root Access—Here’s How to Regain Control The Hacker News
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark