Security researchers report that a new Android malware operation, known as RedWing, is being distributed and sold as a service via Telegram. According to findings by Zimperium’s zLabs, the operation is offered as a “ready-made” package that enables criminals with limited technical skill to compromise a victim’s Android phone. The malware is described as targeting banking applications to obtain sensitive account information.
Reported capabilities include taking control of a device, stealing banking login credentials, and capturing one-time codes (often used as second-factor authentication to protect accounts). Researchers also note that RedWing appears to be a new variant of an earlier malware-related “rent-a-malware” model, which is characterized by subscription-style pricing and resale.
The reports characterize RedWing as an example of how malware-as-a-service offerings are packaged and marketed through messaging platforms, lowering barriers for offenders and focusing on credential and authentication theft to facilitate unauthorized access to banking services.