Android Banking Malware Masquerades as Government Agencies to Attack Users


Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users.

This malware, first observed in the wild around January 2025, relies on phishing websites that mimic entities like the State Bank of Vietnam, Sacombank, Central Power Corporation, Traffic Police of Vietnam, and even the Government of Vietnam.

Distributed via deceptive domains such as sbvhn[.]com and hosted on AWS S3 buckets, RedHook tricks users into downloading malicious APKs that appear as official banking apps.

Discovery of RedHook Trojan

Once installed, it prompts victims to enable accessibility services and overlay permissions, granting it extensive control over the device.

This combination of permissions allows the trojan to monitor user activities silently, overlay fake interfaces, and bypass security protocols, making it a potent tool for credential theft and financial fraud.

RedHook’s capabilities extend beyond ...


Copyright of this story solely belongs to gbhackers.