Previously known threat Red Alert 2.0 Android Trojan strikes again
Recently, security experts rediscovered the Red Alert 2.0 Android Trojan[1], a dangerous virus targeting mobile operating systems. Researchers have also revealed that this Trojan is for sale: it has been offered in the underground market for $500 for monthly access.[2] The virus can cause significant damage, as it can be used for financial attacks and similar crimes. Victims might be individuals, companies or even government facilities.
To lure potential victims into downloading and running the malicious program, hackers have been using social-engineering[3] techniques. The virus might also be attached directly to a file or linked from other content.
There appear to be multiple versions of the Red Alert 2.0 Android Trojan, capable of stealing information from an infected mobile device, sending SMS messages and using a C&C mechanism to communicate with its owner. The Trojan can also modify destination addresses and disrupt cryptocurrency wallet transactions.
After the analysis, it has been revealed that this Trojan is targeting users from all over the world, including:
- Australia
- Austria
- Canada
- Czech Republic
- Poland
- Germany
- Denmark
- Lithuania
- India
- France
- Ireland
- Japan
- New Zealand
- Spain
- Romania
- Italy
- Turkey
- United States
- United Kingdom
- Sweden
Data can be collected and used to expose victims' identity
The Red Alert 2.0 Android Trojan is capable of causing serious damage. In addition to its main functionality, the program can harvest data and later build a profile that could expose the identity of the victim. Names, geo-location[4], addresses, passwords and other credentials can be tracked and transferred to the virus owners.
The virus can also disrupt calls[5], messages, the performance of specific applications and other functions. However, the bigger issue here is the ability to create a remote connection between the hacker and the server. This connection is used to spread additional threats, harvest information and receive instructions from criminals.
Trojans are still considered the most dangerous threats
By their nature, trojans are probably the most dangerous threats on the Internet. These viruses are used to disrupt payment services, mobile apps and other widely used services, as well as to target individual people. These programs can change various settings on your system and in this way disrupt your PC's functionality. Often the cybercriminals behind these Trojan viruses demand payment for giving back access.
Based on their activity and damage, trojans are divided into these categories:
Backdoor Trojan
These can grant permissions and open a backdoor in the system to help malware infiltrate it. They can send, receive, launch and delete files, display data or reboot the infected computer whenever they want to. They are often used for criminal purposes.
Exploit Trojan
These programs are used to take advantage of a vulnerability within the software or applications that are running on the system. Additionally, exploits help attackers run malicious code.
Rootkit Trojan
This type of virus is used to conceal other malicious objects to avoid their detection and elimination from the system.
Banking Trojan
These are designed solely to steal account data from victims via online banking systems, debit cards or other types of payment.
DDoS Trojan
This program conducts Denial of Service attacks against targeted web addresses. Multiple requests from your computer or other infected computers might overwhelm the address and lead to denial of service.
Download Trojan
These can install malicious programs or files onto your PC.
Dropper Trojan
Not all anti-virus programs can scan the pieces of this type of Trojan virus, so it is used to prevent the detection of malicious programs.
Ransom Trojan
This can modify data so that your computer starts to run incorrectly and you can no longer use specific programs or data. The criminals behind it would demand payment for unlocking this data.
- [1] Alice Woods. Red Alert 2.0 trojan was detected in third-party Android app stores. 2-spyware. Spyware and security news.
- [2] Pierluigi Paganini. Red Alert 2.0 Android Trojan available for rent in the underground at $500 per Month. Security affairs by Pierluigi Paganini.
- [3] Margaret Rouse. What is social engineering. Tech target. Search security education.
- [4] Where is Geolocation of an IP address?. IP location. Geo location finder.
- [5] Lee Bell. Are YOUR Skype chats being watched? T9000 malware steals files, records calls and can 'hide' from anti-virus software. Mail online. Dailymail newspaper.