🟠 High | Source: The Hacker News
RedWing is a new Android malware-as-a-service (MaaS) operation sold via Telegram that enables low-skilled attackers to conduct banking fraud, including credential theft and one-time passcode interception. Researchers at Zimperium’s zLabs have identified it as likely a variant of the Oblivion rental toolkit, previously available for around $300 per month. Its low barrier to entry significantly broadens the pool of potential threat actors, increasing the likelihood of widespread consumer and corporate banking compromise.
Security Architect’s Take: Enforce mobile device management (MDM) policies that restrict sideloading of APKs and mandate app installation exclusively from approved stores across any corporate or BYOD Android devices. Additionally, work with your banking and identity teams to move away from SMS-based OTP towards phishing and malware-resistant MFA such as FIDO2 hardware keys or app-based authenticators that are harder for overlay-style malware to intercept.
Original advisory: RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service