Cyble Uncovers RedHook Android Trojan Targeting Vietnamese Users

Threat Score:

The Cyber Express

7 days ago

Part of cluster #1429

Overview

Cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a new Android banking trojan called RedHook that is actively targeting Vietnamese mobile users. The malware is distributed via carefully crafted phishing sites impersonating trusted financial and government agencies. Once installed, RedHook delivers a dangerous combination of phishing, keylogging, and remote access capabilities, enabling full control over infected devices, yet it remains low‑profile with limi...

Continue Reading on Original Site

5 articles

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 14 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

SonicWall Probes Potential Zero-Day After Ransomware Hits

Data Breach Today UK • 8 hours ago

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say Researchers SonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.

Score

Dialysis company DaVita says more than 900,000 people affected by April ransomware attack

Therecord • 12 hours ago

A broad range of personal and health data was exposed in an April ransomware attack on dialysis provider DaVita, the company said in notices filed in several states.

Score

More than 1 million patients affected by DaVita ransomware attack; those are preliminary numbers

Databreaches • 10 hours ago

There is an update to the ransomware attack involving DaVita Dialysis first reported in April. According to DaVita’s disclosures this month, unauthorized access to its servers began on March 24, 2025 and continued until April 12, 2025, when they were able to kick the attacker out and keep them out. The incident was first reported...

Score

‘Critical’ firmware-level vulnerabilities found in laptops commonly used by security specialists

Therecord • 12 hours ago

According to the research published Tuesday, it is possible for an attacker to break into the ControlVault chip used in many laptops owned by security professionals and modify the firmware inside.

Score

DOMAINS

api9.iosgaxx423.xyz

mailisa.me

sbvhn.com

skt9.iosgaxx423.xyz

ATTACK TYPES

Credential Theft

Overlay Attack

Phishing

Social Engineering

INDUSTRIES

Banking

Financial Services

COUNTRIES

Portugal

South Korea

Spain

Vietnam

PLATFORMS

AWS

Android

iOS

RANSOMWARE

AnDROid

First

One

Trojan

Unknown

MITRE ATT&CK

Phishing

T1003

T1053

T1059

T1059.001

MALWARE

DoubleTrouble

RedHook

ToxicPanda

SECURITY VENDORS

Kaspersky

VULNERABILITIES

Credential Theft

DOMAINS

mailisa.me

sbvhn.com

api9.iosgaxx423.xyz

skt9.iosgaxx423.xyz

ARTICLE INFORMATION

Article #5320

Published 7 days ago

The Cyber Express

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

SonicWall Probes Potential Zero-Day After Ransomware Hits

Dialysis company DaVita says more than 900,000 people affected by April ransomware attack

More than 1 million patients affected by DaVita ransomware attack; those are preliminary numbers

‘Critical’ firmware-level vulnerabilities found in laptops commonly used by security specialists

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies