RedHook: A New Android Banking Trojan Targeting Users in Vietnam
Key Takeaways
RedHook is a newly identified Android banking trojan targeting Vietnamese users through phishing sites impersonating trusted financial and government institutions.
The malware combines phishing, RAT, and keylogging capabilities to exfiltrate credentials and carry out fraud.
It abuses Android’s MediaProjection API to capture screen content and sends data via WebSocket to a live C2 server.
RedHook supports 34 server-issued commands, enabling complete remote control of the infected device.
An exposed AWS S3 bucket used by the threat actor revealed screenshots, fake templates, and infrastructure dating back to November 2024.
The domain mailisa[.]me, previously linked to scam campaigns targeting Vietnamese users, indicates that the operators have shifted from fraud operations to a sophisticated Android banking trojan.
The malware displays Chinese-language artifacts, indicating a likely Chinese-speaking origin of the threat actor or developer group.
Despite its advanced capabilities, RedHook currently has a low detection rate on VirusTotal, making it a stealthy and active threat in the wild.
To read the complete article, see: https://cyble.com/blog/redhook-new-android-banking-targeting-in-vietnam/