A new Android spyware named RedWing has been identified, being rented out via Telegram, allowing low-skilled attackers to hijack phones and steal banking credentials. Developed as a malware-as-a-service (MaaS), it features easy deployment through a Telegram bot, disguises as legitimate apps, and uses sophisticated methods for credential harvesting, including fake overlays. RedWing has been linked to Russian threat actors and evades traditional security tools.
Key features include intercepting SMS for two-factor authentication, live screen control, keylogging, and facilitating DDoS attacks using infected devices.