securityaffairs.com 7/8/2026, 12:41:12 PM · external

RedWing Android malware on Telegram steals data via fake apps

RedWing Android malware on Telegram steals data via fake apps
CyberSIXT Evidence Panel
Primary Source zimperium.com

THE article discusses RedWing, a malware-as-a-service (MaaS) for Android that can be rented via Telegram, linked to Russian cybercriminals. It operates by utilizing phishing tactics to distribute malicious apps designed to look like legitimate app stores. Key features include the ability to capture sensitive data by mimicking banking and crypto apps, enabling call forwarding to thwart two-factor authentication, and even remotely activating a device's camera and microphone.

RedWing adapts to targets through customization options and does not require Android vulnerabilities to function. The report emphasizes the dangers posed by such advanced malware, especially in consumer contexts where app-store trust is assumed.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline