{
	"id": "b1a3daf8-3513-4e75-a66a-0adb85309327",
	"created_at": "2026-04-06T00:10:03.824004Z",
	"updated_at": "2026-04-10T03:19:55.709182Z",
	"deleted_at": null,
	"sha1_hash": "bdd348618fade032f47f9aa6a3477008990f97da",
	"title": "Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 745413,
	"plain_text": "Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores\r\nArchived: 2026-04-05 14:54:05 UTC\r\nA spate of new attacks targeting the Android operating\r\nsystem have been discovered using a banking trojan named after a video game. Dubbed Red Alert 2.0\r\n(detected by Trend Micro as ANDROIDOS_BANKER) by its creators, this new malware tricks users into\r\ndownloading it by hiding in third-party app stores as fake versions of legitimate applications such as WhatsApp,\r\nViber, and updates for both Android and Flash Player.\r\nOnce a user downloads one of these malicious apps onto their device and opens it, a popup overlay will appear\r\nprompting the user to enter their login credentials. The credentials are then sent to a command-and-control (C\u0026C)\r\nserver that the attackers control.\r\nRed Alert 2.0 will block incoming calls from banks, presumably to block verification attempts. The malware also\r\nintercepts SMS text messages, sending messages to the attackers for future use. By disrupting the device’s actual\r\ncommunication capabilities, the attackers can maximize the time spent doing malicious activities.\r\nAccording to its researchers, Red Alert 2.0 is being peddled on hacking forums for $500—a low price that could\r\nmake it attractive to a large number of potential attackers.\r\nRed Alert 2.0 can target mobile devices that are running Android versions of up to 6.0, which was released two\r\nyears ago, but it is currently confined to third-party app stores. No versions of the malicious apps carrying the\r\nmalware have been detected on the official Google Play Store as of the time of publication.\r\nThis is not the first time that malware has been spread via third-party app stores, as seen in last year’s Fobus attack\r\ninvolving Super Mario Run. Users are advised to avoid third-party app stores, as the lack of security regulations\r\ncould expose them to malware. 
In addition, users should also disable the “Allow installation of apps from\r\nunknown sources” setting as a further security measure, and only enable it when they are sure of the legitimacy of the\r\ndownload source. In general, Android users should be wary of whatever they download—whether from third-party\r\napp stores or even the official Google Play Store itself. If an app seems to be suspicious, perhaps it is best to\r\nrefrain from downloading it.\r\nSource: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/red-alert-2-0-android-trojan-spreads-via-third-party-app-stores",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/red-alert-2-0-android-trojan-spreads-via-third-party-app-stores"
	],
	"report_names": [
		"red-alert-2-0-android-trojan-spreads-via-third-party-app-stores"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434203,
	"ts_updated_at": 1775791195,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bdd348618fade032f47f9aa6a3477008990f97da.pdf",
		"text": "https://archive.orkl.eu/bdd348618fade032f47f9aa6a3477008990f97da.txt",
		"img": "https://archive.orkl.eu/bdd348618fade032f47f9aa6a3477008990f97da.jpg"
	}
}