Tech Made Simple

Hot Topics: All Roku Players Compared | Best iPad Keyboard Cases | The Best Open Ear Earbuds of 2026

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Bank-draining phone scams are about to get a lot more common

by Suzanne Kantra on July 09, 2026

A concept image shows a generic banking app on a phone.

Suzanne Kantra/Techlicious generated by ChatGPT

Bank-fraud malware attacks are about to get a lot more common because anyone can now rent a ready-made Android banking trojan kit off Telegram. A banking trojan is malicious software disguised as a legitimate app that, once installed, is built specifically to steal money from your bank or payment accounts. The kit making the rounds now is called RedWing, and security researchers at Zimperium zLabs have been tracking it as it spreads through criminal channels this month.

RedWing is what's known as malware-as-a-service. It works a lot like Microsoft 365 or any other subscription service you already pay for: someone builds the product once, maintains it, pushes updates, and sells access to anyone willing to pay. According to Zimperium's research, RedWing's subscribers get a working toolkit for hijacking Android banking apps: fake login screens that sit on top of your real bank's app and capture your credentials without your noticing, plus the ability to intercept the one-time codes your bank texts you and take remote control of the phone once it's infected.

Building something like that from scratch used to require serious malware-development expertise, the kind that takes years to acquire and constant updating to keep ahead of Android's defenses. Renting it through Telegram, where it's being marketed and sold, makes assembling working bank-fraud malware about as easy as putting together a PowerPoint presentation.

RedWing can't do the hard work of getting itself onto your phone, so it needs you to do that part yourself, which means the entire operation still comes down to social engineering. A criminal renting this kit is counting on convincing you that a fake banking app is real: a text with a link to "update your banking app," a search result for your bank that leads somewhere it shouldn't, a prompt during a phone call from someone pretending to be your bank's fraud department. Once you install what you think is a legitimate app, RedWing does the rest.

Everything in this story comes down to one moment: whether you install something you shouldn't. Only download banking apps through the Google Play Store, never from a link in a text or email, even one that looks like it came from your bank. Google has started fighting this exact tactic directly: a new mandatory 24-hour wait for sideloading apps from unverified developers is designed to break the live-call pressure scammers rely on. Be skeptical of any app requesting permission to read your SMS messages or access to Android's accessibility services, since those are the permissions banking trojans need to function, and no legitimate banking app has a good reason to ask for them.

If your bank offers app-based login alerts or transaction notifications, turn them on, since catching fraudulent activity within minutes rather than days is often what determines whether you get your money back. A good antivirus app is one of the few defenses that can catch this kind of malware before it does damage, in case something slips past your other precautions.

If you've already installed a banking app from anywhere other than the Play Store, don't wait to find out whether it was real. Uninstall it, run a scan with a mobile security app, and call your bank's fraud line directly using the number on the back of your card, not any number the app or a text gave you. Watch your account for a few weeks afterward, since stolen credentials don't always get used immediately.

This rental-kit model already reshaped ransomware, turning it from a niche threat into an everyday one over the past several years. Expect the same trajectory here: once one banking trojan proves profitable as a rental, competitors typically follow with their own kits, often targeting other platforms or other categories of fraud. For us, that means remaining increasingly vigilant for these risks across all of our online activities.

Read next: The best antivirus apps for Android in 2026


Topics

News, Phones and Mobile, Mobile Apps, Android Apps, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.