www.infosecurity-magazine.com 7/8/2026, 4:01:23 PM · external

Android Spyware RedWing Hired via Telegram to Harvest Bank Logins

Android Spyware RedWing Hired via Telegram to Harvest Bank Logins
Developing story malware 2 articles tracked
RedWing Android spyware offered as a service via Telegram
CyberSIXT Evidence Panel
Primary Source zimperium.com

A new Android spyware named RedWing has been identified, being rented out via Telegram, allowing low-skilled attackers to hijack phones and steal banking credentials. Developed as a malware-as-a-service (MaaS), it features easy deployment through a Telegram bot, disguises as legitimate apps, and uses sophisticated methods for credential harvesting, including fake overlays. RedWing has been linked to Russian threat actors and evades traditional security tools.

Key features include intercepting SMS for two-factor authentication, live screen control, keylogging, and facilitating DDoS attacks using infected devices.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline