RedWing Android Spyware Sold as a Service on Telegram
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
Android is Google's mobile operating system, whose apps, devices, and updates create a broad security surface for vulnerabilities and advisories.
Search across headline titles and summaries.
Background for this topic.
Android is an open-source operating system for mobile devices based on the Linux kernel, supporting apps primarily written in Java and Kotlin. Its architecture enforces app sandboxing and a permission model to isolate apps and restrict access to sensitive data or system features. However, Android’s allowance for installing apps from unofficial sources increases exposure to malicious software outside the vetted app store environment.
Security risks on Android include malware distribution via sideloaded apps, privilege escalation exploiting OS or pre-installed app vulnerabilities, and data leakage through excessive app permissions. Fragmentation in device models and delayed security updates complicate patch management, making timely application of security patches and careful permission control essential defensive practices for reducing attack surfaces on Android devices. Understanding these factors is critical for managing vulnerabilities in both consumer and enterprise contexts.
Weekly headline count for the current query.
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
Rokarolla Android trojan steals banking logins and spies on victims while blocking fraud alerts
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections
Apple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5
ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users
NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil
APK malformation tactic now appears in over 3000 Android malware samples evading static analysis
Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Android requires dev identity verification for sideloaded apps; phased global rollout from September
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts
Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass
PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET
Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development
ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access
Bitdefender has discovered a new Android malware campaign that uses Hugging Face