RedWing Android Malware-as-a-Service Targets Banking Apps via Telegram
Cybersecurity researchers have uncovered RedWing, a new Android Malware-as-a-Service (MaaS) platform that is being rented through Telegram to conduct banking fraud. The malware enables attackers to steal banking credentials, intercept one-time passwords (OTPs), capture sensitive data, and remotely control infected Android devices without requiring advanced technical skills.


RedWing spreads through phishing links that lead victims to fake app store pages, tricking them into installing malicious apps from outside official marketplaces. Once installed, it abuses Android Accessibility permissions to display fake banking login screens, read SMS messages, record keystrokes, stream the device screen, and even activate the camera and microphone.
Researchers warn that RedWing is highly customizable and capable of targeting multiple banking and cryptocurrency apps. Users are advised to install apps only from official app stores, avoid sideloading, and carefully review permission requests to reduce the risk of infection.
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net