Red Alert 2.0 Android Trojan is available for rent on underground forums at $500 per month, researchers said.
The Trojan is also capable of stealing information from the infected devices, including SMS messages and contact details, can block calls from banks, and can also keep in touch with bots via Twitter in the event its command and control (C&C) server is taken online, said researchers at Trustwave.
As it turns out, the malware author is pushing the Trojan that can target nearly 120 banks in Australia, Austria, Canada, Czech Republic, Poland, Denmark, Germany, France, Lithuania, India, Italy, Ireland, Japan, New Zeeland, Romania, Spain, Sweden, Turkey, United Kingdom, and the United States.
Additionally, the malware developer claims the Trojan is targeting payment systems (PayPal, Airbnb, Coinbase, Poker Stars, Neteller, Skrill, and Unocoin Bitcoin Wallet India) and CC+VBV Grabbers (Amazon, eBay, LINE, GetTaxi, Snapchat, Viber, Instagram, Facebook, Skype, UBER, WeChat, and WhatsApp) too.
Red Alert 2.0 is also advertised as able to intercept and send SMS messages and launch APKs. The author also claims new functionality can inject objects built per customer request, and that updates are being released every two weeks.
The Trojan can rent for $200 for 7 days, $500 for a month, or $999 for 2 months.
As part of the analyzed Red Alert 2.0 attack, the malware was being distributed attached to spam messages. Although the threat is currently detected by nearly half of the VirusTotal anti-virus companies, the distribution method is still interesting for an Android malware family.