
RedHook: A New Android Banking Trojan Targeting Users In Vietnam

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A sophisticated Android banking trojan named RedHook has been discovered targeting Vietnamese users through spoofed government and financial websites. The malware communicates with its command-and-control (C2) server over WebSocket and supports over 30 remote commands, giving the operator complete control over a compromised device. RedHook combines phishing, RAT, and keylogging capabilities to exfiltrate credentials and conduct fraud. It abuses Android's MediaProjection API to capture the screen and sends the captured data to a live C2 server. The malware's low antivirus detection rate makes it a stealthy and active threat. Code artifacts suggest development by a Chinese-speaking threat actor or group. An exposed AWS S3 bucket revealed operational data dating back to November 2024, indicating a shift from the actor's previous scam campaigns to this advanced banking trojan.
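The capability mix the summary describes (MediaProjection screen capture, keylogging and a network C2 channel) is visible in an app's decoded AndroidManifest.xml before any dynamic analysis, which makes it a cheap first triage check. The script below is an added example written for this page; it is not RedHook's code and the markers it looks for are not indicators from the report. It assumes the manifest has already been decoded (for example with apktool), that screen capture shows up as a foreground service of type "mediaProjection" (required on Android 10+, with the FOREGROUND_SERVICE_MEDIA_PROJECTION permission on Android 14+), and that keylogging is implemented with an AccessibilityService, which is the common pattern on Android but is not stated on this page. Both sample manifests are constructed.

```python
"""Static triage of a decoded AndroidManifest.xml for the capability mix
described in the RedHook summary: screen capture via MediaProjection,
keylogging, and a network C2 channel.

Added example for this page, not RedHook's code. The markers below are
assumptions about how these capabilities normally appear in a manifest,
not indicators taken from the report. Run the module directly to see the
verdict for the two constructed manifests at the bottom.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(attr):
    """Return the namespaced attribute key (android:attr) used by manifests."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Heuristic markers (assumptions for this example, not report indicators).
MEDIA_PROJECTION_PERM = "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"
ACCESSIBILITY_BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
INTERNET_PERM = "android.permission.INTERNET"


def triage_manifest(xml_text):
    """Return a dict of capability flags and a verdict for one manifest."""
    root = ET.fromstring(xml_text)
    name = android_attr("name")
    uses = {e.get(name) for e in root.iter("uses-permission")}
    services = list(root.iter("service"))

    # Screen capture: MediaProjection needs a foreground service typed
    # "mediaProjection" (the attribute may be a pipe-separated list).
    fgs_types = [s.get(android_attr("foregroundServiceType"), "") for s in services]
    screen_capture = MEDIA_PROJECTION_PERM in uses or any(
        "mediaProjection" in t.split("|") for t in fgs_types)

    # Keylogging: an AccessibilityService can read text typed in other apps.
    # It is declared on the <service>, not as a <uses-permission>.
    keylogging = any(
        s.get(android_attr("permission")) == ACCESSIBILITY_BIND_PERM
        or any(act.get(name) == ACCESSIBILITY_ACTION for act in s.iter("action"))
        for s in services)

    network = INTERNET_PERM in uses

    # Any one capability is common in legitimate apps; all three together
    # in an app posing as a government or banking site is worth a look.
    verdict = "review" if (screen_capture and keylogging and network) else "low"
    return {
        "package": root.get("package"),
        "screen_capture": screen_capture,
        "keylogging": keylogging,
        "network": network,
        "verdict": verdict,
    }


# Constructed sample mimicking the capability mix in the summary; not
# RedHook's manifest and not a real package name.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegov">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <application>
    <service android:name=".CaptureService"
        android:foregroundServiceType="mediaProjection|dataSync"/>
    <service android:name=".KeyService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign sample: network access only.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SyncService"
        android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""


if __name__ == "__main__":
    for text in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(text))
```

The verdict is deliberately coarse: a legitimate screen recorder will trip the MediaProjection check and a legitimate accessibility tool will trip the keylogging one, so the script is a prioritisation aid for a pile of sideloaded APKs, not a classifier. Pair it with the network side of the summary (a persistent WebSocket session from the app to a single host) before drawing conclusions.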

OPENCTI LABELS :

rat,phishing,banking trojan,android,keylogging,vietnam,aws s3,websocket,chinese-language,redhook



