Banks face new Red Alert

Update: September, 21/2017 - 17:38
More than 60 online banking apps are being targeted by Red Alert 2.0 - Photo
Viet Nam News

HÀ NỘI – The Authority of Information Security (AIS) on Wednesday released an official document warning financial institutions and commercial banks of a malicious code Red Alert 2.0 on Android-powered devices.  

Android trojan Red Alert 2.0 is the latest- and growing-threat to online banking applications and is being sold on the dark web at US$500, AIS said.

While other banking trojans are developed from older ones, Red Alert 2.0 is newly coded. It is able to steal login information, SMS and contacts as well as fake and overlay installed apps on users’ devices.  

Moreover, Red Alert 2.0 can intercept and record calls from banks and financial institutions to clients to prevent them from receiving account hacking alerts. Experts said at least 60 online banking and social network apps were targets of the malware, the Tin tức (News) reported.

According to the AIS, Red Alert 2.0 appears on third-party app stores disguising popular apps such as WhatsApp or Viber as well as update versions of Flash Player.  

Once downloaded and installed, Red Alert 2.0 waits to launch when users open up a banking or social media app, then adds an overlay on top of the original app stating that there has been an error and requesting customers to re-authenticate their account.

Usernames and passwords entered by victims are recorded by Red Alert 2.0 and transmitted to its command and control server to hijack the account.

Additionally, the malware is painstakingly coded to suffocate two-factor authentication techniques by intercepting text messages on infected phone and allowing attackers to enter the secondary code sent to users.

Red Alert 2.0 is sophisticated enough to easily steal users’ information. Since it is being sold on hacking forums and the dark web, criminals may buy it to operate attacks targeting Vietnamese banking accounts.

The AIS warns users not to download and install apps from third-party app stores and suppliers. Simultaneously, they need to check app copyrights before installation.

Users should not arbitrarily enter username and password or answer questions of banking accounts and credit cards. They also should use reliable anti-malware firewalls and follow authorities’ warnings and instructions.

To banks and financial institutions, the AIS recommended users check their apps and send warnings to their users of Red Alert 2.0.

In case of emergency, they can also contact the AIS via 024.3943.6684 or email for assistance.

Since the beginning of 2017, experts have detected several attacks targeting Android apps, especially online banking platforms.

In Việt Nam, many banks have launched their own mobile banking apps including Vietcombank, BIDV, Agribank or Techcombank. – VNS