RedWing Android Spyware Sold as a Service on Telegram
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
Spyware coverage examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance on unauthorized monitoring.
Search across headline titles and summaries.
Background for this topic.
Spyware is malicious software that covertly monitors a device or user and sends collected information to an unauthorized party. Depending on its capabilities, it may capture keystrokes, credentials, messages, files, browsing activity, or location data, and may use microphones or cameras when permissions or vulnerabilities allow it. The term covers both broadly distributed malware and more specialized surveillance tools, so reporting should identify a family or tool only when evidence supports it.
Spyware commonly reaches systems through deceptive applications, malicious attachments, bundled software, or exploitation of unpatched software; the relevant exposure depends on the reported case. Security teams should prioritize timely vulnerability and application updates, restrict installation and permissions, and use endpoint or mobile telemetry to detect unusual collection or outbound connections. Suspected infections require isolation and evidence preservation, followed by credential rotation from a trusted device and assessment of what privacy-sensitive data may have been accessed. These findings can also inform legal or regulatory handling where monitoring involved personal or confidential information.
Weekly headline count for the current query.
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections
Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS
ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access
A new version of ClayRat Android spyware features enhanced surveillance and device-control features
Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors
CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung devices used in LandFall spyware attacks
A new ClayRat spyware campaign has been observed targeting Russian users via fake apps on Telegram and exfiltrating data
Apple has sent at least four notifications in 2025, according to the French national cybersecurity agency
The US Immigration agency has resumed a $2m contract with the Graphite spyware developer, now owned by US investor AE Industrial Partners
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict
This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware
The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages
The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities
A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group
The Serbian authorities have been using advanced mobile forensics products made by Israeli firm Cellebrite to extract data from mobile devices illegally
Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
RUSI and Chatham House recommended global standards to combat commercial cyber tool abuse