The gist: Android malware RedWing is being offered as a rental service for bank fraud via Telegram and appears to be a variant of the established Oblivion malware.
Security researchers from Zimperium zLabs have discovered an Android malware operation called RedWing that is being rented out over Telegram as a banking fraud service. The malware enables device takeovers and theft of banking logins as well as one-time codes.
RedWing is a new Android malware operation that is rented out as a ready-made service over Telegram. Threat actors, even those with low technical skills, can use it to take over victims’ smartphones, steal banking credentials and intercept one-time codes that serve as an additional layer of protection for bank accounts.
Following analysis by Zimperium zLabs, RedWing appears to be a new variant of the already-known malware Oblivion, which has previously been offered for rent at approximately $300 per month. The malware-as-a-service model deliberately targets accessibility for actors with low technical expertise, thereby lowering the barriers to entry for automated banking fraud.
For CISOs and security teams, this represents an escalation of the mobile threat landscape: banking trojans are increasingly being distributed as commercial services with professional support. This underscores the need to expand endpoint detection to Android devices and educate users on the risks of app installations and permission requests. At the same time, organizations should increasingly focus on device management and blocking suspicious access patterns to their banking infrastructure.
Source: thehackernews.com · Published July 7, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.