CINXE.COM

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="http://gmpg.org/xfn/11"> <link rel="pingback" href="https://news.sophos.com/xmlrpc.php"> <link rel="alternate" hreflang="es-419" href="https://news.sophos.com/es-419/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="nl-nl" href="https://news.sophos.com/nl-nl/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="pt-br" href="https://news.sophos.com/pt-br/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="de-de" href="https://news.sophos.com/de-de/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="en-us" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="fr-fr" href="https://news.sophos.com/fr-fr/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="es-es" href="https://news.sophos.com/es-es/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="it-it" href="https://news.sophos.com/it-it/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="ja-jp" href="https://news.sophos.com/ja-jp/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" /> <link rel="alternate" hreflang="zh-tw" href="https://news.sophos.com/zh-tw/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers" />  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-TW8W88B');</script>  <script type="text/javascript"> /* <![CDATA[ */ (()=>{var e={};e.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),function({ampUrl:n,isCustomizePreview:t,isAmpDevMode:r,noampQueryVarName:o,noampQueryVarValue:s,disabledStorageKey:i,mobileUserAgents:a,regexRegex:c}){if("undefined"==typeof sessionStorage)return;const d=new RegExp(c);if(!a.some((e=>{const n=e.match(d);return!(!n||!new RegExp(n[1],n[2]).test(navigator.userAgent))||navigator.userAgent.includes(e)})))return;e.g.addEventListener("DOMContentLoaded",(()=>{const e=document.getElementById("amp-mobile-version-switcher");if(!e)return;e.hidden=!1;const n=e.querySelector("a[href]");n&&n.addEventListener("click",(()=>{sessionStorage.removeItem(i)}))}));const g=r&&["paired-browsing-non-amp","paired-browsing-amp"].includes(window.name);if(sessionStorage.getItem(i)||t||g)return;const u=new URL(location.href),m=new URL(n);m.hash=u.hash,u.searchParams.has(o)&&s===u.searchParams.get(o)?sessionStorage.setItem(i,"1"):m.href!==u.href&&(window.stop(),location.replace(m.href))}({"ampUrl":"https:\/\/news.sophos.com\/en-us\/2018\/07\/23\/red-alert-2-0-android-trojan-targets-security-seekers\/?amp=1","noampQueryVarName":"noamp","noampQueryVarValue":"mobile","disabledStorageKey":"amp_mobile_redirect_disabled","mobileUserAgents":["Mobile","Android","Silk\/","Kindle","BlackBerry","Opera Mini","Opera Mobi"],"regexRegex":"^\\\/((?:.|\\n)+)\\\/([i]*)$","isCustomizePreview":false,"isAmpDevMode":false})})(); /* ]]> */ </script> <title>Red Alert 2.0: Android Trojan targets security-seekers – Sophos News</title> <meta name='robots' content='max-image-preview:large' /> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>  <meta name="google-site-verification" content="8r1qg681OjOolfxmHEY1IYupmTBdyKXc-OPfpgeQHFk" /> <link rel='dns-prefetch' href='//unpkg.com' /> <link rel='dns-prefetch' href='//stats.wp.com' /> <link rel='dns-prefetch' href='//v0.wordpress.com' /> <link rel="alternate" type="application/rss+xml" title="Sophos News » Feed" href="https://news.sophos.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sophos News » Comments Feed" href="https://news.sophos.com/comments/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sophos News » Red Alert 2.0: Android Trojan targets security-seekers Comments Feed" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/news.sophos.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='all-css-2' href='https://news.sophos.com/wp-includes/css/dist/block-library/style.min.css?m=1732206022g' type='text/css' media='all' /> <style id='safe-svg-svg-icon-style-inline-css'> .safe-svg-cover{text-align:center}.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%} </style> <link rel='stylesheet' id='all-css-6' href='https://news.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGxkZmBkYGQMARIMu1Q==' type='text/css' media='all' /> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <style id='co-authors-plus-coauthors-style-inline-css'> .wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline} </style> <style id='co-authors-plus-avatar-style-inline-css'> .wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto} </style> <style id='co-authors-plus-image-style-inline-css'> .wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto} </style> <style id='elasticpress-facet-style-inline-css'> .widget_ep-facet input[type=search],.wp-block-elasticpress-facet input[type=search]{margin-bottom:1rem}.widget_ep-facet .searchable .inner,.wp-block-elasticpress-facet .searchable .inner{max-height:20em;overflow:scroll}.widget_ep-facet .term.hide,.wp-block-elasticpress-facet .term.hide{display:none}.widget_ep-facet .empty-term,.wp-block-elasticpress-facet .empty-term{opacity:.5;position:relative}.widget_ep-facet .empty-term:after,.wp-block-elasticpress-facet .empty-term:after{bottom:0;content:" ";display:block;left:0;position:absolute;right:0;top:0;width:100%;z-index:2}.widget_ep-facet .level-1,.wp-block-elasticpress-facet .level-1{padding-left:20px}.widget_ep-facet .level-2,.wp-block-elasticpress-facet .level-2{padding-left:40px}.widget_ep-facet .level-3,.wp-block-elasticpress-facet .level-3{padding-left:60px}.widget_ep-facet .level-4,.wp-block-elasticpress-facet .level-4{padding-left:5pc}.widget_ep-facet .level-5,.wp-block-elasticpress-facet .level-5{padding-left:75pt}.widget_ep-facet input[disabled],.wp-block-elasticpress-facet input[disabled]{cursor:pointer;opacity:1}.widget_ep-facet .term a,.wp-block-elasticpress-facet .term a{-webkit-box-align:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-ms-flexbox;display:flex;position:relative}.widget_ep-facet .term a:hover .ep-checkbox,.wp-block-elasticpress-facet .term a:hover .ep-checkbox{background-color:#ccc}.ep-checkbox{-webkit-box-align:center;-ms-flex-align:center;-ms-flex-negative:0;-webkit-box-pack:center;-ms-flex-pack:center;align-items:center;background-color:#eee;display:-webkit-box;display:-ms-flexbox;display:flex;flex-shrink:0;height:1em;justify-content:center;margin-right:.25em;width:1em}.ep-checkbox:after{border:solid #fff;border-width:0 .125em .125em 0;content:"";display:none;height:.5em;-webkit-transform:rotate(45deg);transform:rotate(45deg);width:.25em}.ep-checkbox.checked{background-color:#5e5e5e}.ep-checkbox.checked:after{display:block} </style> <link rel='stylesheet' id='all-css-18' href='https://news.sophos.com/wp-content/mu-plugins/search/elasticpress/dist/css/related-posts-block-styles.min.css?m=1730999764g' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='all-css-22' href='https://news.sophos.com/wp-content/themes/sophosnews-2017/style-2021.css?m=1722941894g' type='text/css' media='all' /> <script type="text/javascript" src="https://news.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5sZGRgZmBkXEWAK8tIhI=" ></script><link rel="https://api.w.org/" href="https://news.sophos.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://news.sophos.com/wp-json/wp/v2/posts/48556" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://news.sophos.com/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.7.1" /> <link rel="canonical" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" /> <link rel='shortlink' href='https://news.sophos.com/?p=48556' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://news.sophos.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2018%2F07%2F23%2Fred-alert-2-0-android-trojan-targets-security-seekers%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://news.sophos.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2018%2F07%2F23%2Fred-alert-2-0-android-trojan-targets-security-seekers%2F&format=xml" /> <link rel="me" href="https://infosec.exchange/@SophosXOps"/> <link rel="alternate" type="text/html" media="only screen and (max-width: 640px)" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/?amp=1"> <style>img#wpstats{display:none}</style> <link rel="amphtml" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/?amp=1"><style>#amp-mobile-version-switcher{left:0;position:absolute;width:100%;z-index:100}#amp-mobile-version-switcher>a{background-color:#444;border:0;color:#eaeaea;display:block;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Helvetica Neue,sans-serif;font-size:16px;font-weight:600;padding:15px 0;text-align:center;-webkit-text-decoration:none;text-decoration:none}#amp-mobile-version-switcher>a:active,#amp-mobile-version-switcher>a:focus,#amp-mobile-version-switcher>a:hover{-webkit-text-decoration:underline;text-decoration:underline}</style>  <meta property="og:type" content="article" /> <meta property="og:title" content="Red Alert 2.0: Android Trojan targets security-seekers" /> <meta property="og:url" content="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" /> <meta property="og:description" content="A malicious, counterfeit version of a VPN client聽for mobile devices targets security-minded victims with a RAT." /> <meta property="article:published_time" content="2018-07-23T07:00:26+00:00" /> <meta property="article:modified_time" content="2018-09-07T15:08:29+00:00" /> <meta property="og:site_name" content="Sophos News" /> <meta property="og:image" content="https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?w=640" /> <meta property="og:image:secure_url" content="https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?w=640" /> <meta property="og:image:width" content="640" /> <meta property="og:image:height" content="336" /> <meta property="og:image:alt" content="SophosLabs Uncut" /> <meta property="og:locale" content="en_US" /> <meta property="fb:admins" content="28552295016" /> <meta name="twitter:text:title" content="Red Alert 2.0: Android Trojan targets security-seekers" /> <meta name="twitter:image" content="https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?w=640" /> <meta name="twitter:image:alt" content="SophosLabs Uncut" /> <meta name="twitter:card" content="summary_large_image" />  <link rel="icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=32" sizes="32x32" /> <link rel="icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=192" sizes="192x192" /> <link rel="apple-touch-icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=180" /> <meta name="msapplication-TileImage" content="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=270" /> <style type="text/css" id="wp-custom-css"> .entry-content .embed-vimeo iframe, .entry-content .embed-youtube iframe { aspect-ratio: 16/9; width: 100%; height: auto; } </style> </head> <body class="post-template-default single single-post postid-48556 single-format-standard group-blog">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TW8W88B" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="page" class="hfeed site"> <a class="sr-only" href="#content">Skip to content</a> <header class="bg-blue-600" x-data="{ mobileMenu: false, searchField: false }"> <div class="container"> <div class="flex items-center justify-between h-16">  <div class="flex-shrink-0"> <a class="site-logo" href="https://news.sophos.com/en-us/" rel="home"> <svg width="172" height="17" xmlns="http://www.w3.org/2000/svg"> <g fill="#FFF" fill-rule="evenodd"> <path d="M113.024 5.298V16.74h-2.595V.259h2.265l7.997 11.49V.26h2.619v16.482h-2.289l-7.997-11.443M126.064.259h10.78v2.307H128.8v4.521h7.549v2.214h-7.55v5.133h8.376v2.307h-11.111V.259M138.478.259h2.855l2.694 12.29L147.29.26h2.783l3.61 12.314L156.005.26h2.783l-3.62 16.482h-2.76l-3.751-12.126-3.426 12.126h-2.784L138.478.259M168.933 4.968v-.283c0-1.318-.778-2.425-3.492-2.425-2.43 0-3.279 1.013-3.279 2.284 0 1.201.708 1.743 2.218 2.073l3.491.776c2.123.448 4.129 1.602 4.129 4.333 0 3.014-1.675 5.274-6.204 5.274-5.214 0-6.559-2.26-6.559-4.52v-.307h2.737v.26c0 1.2.755 2.284 3.774 2.284 2.5 0 3.421-1.084 3.421-2.638 0-1.224-.731-1.907-2.289-2.237l-3.49-.777c-2.407-.517-3.917-1.742-3.917-4.309 0-2.566 1.77-4.756 6.016-4.756 4.553 0 6.18 2.26 6.18 4.639v.33h-2.736M85.303 16.718h8.88c2.492 0 3.549-.15 4.379-.677 1.308-.803 2.139-2.378 2.139-4.162 0-1.457-.504-2.868-1.258-3.622-.981-1.006-2.316-1.382-4.783-1.382h-2.693c-1.208 0-2.097-.05-2.6-.276-.605-.277-.956-.81-.956-1.562 0-.88.427-1.455 1.132-1.632.529-.124 1.14-.124 2.726-.15h7.949V.265h-8.754c-1.963 0-2.843.075-3.598.353-1.737.602-2.921 2.383-2.921 4.518 0 1.458.58 2.745 1.587 3.624.881.753 2.189 1.105 4.202 1.105h3.584c.805 0 1.46.1 1.813.3.678.327 1.08.934 1.08 1.714 0 .652-.301 1.122-.83 1.447-.426.278-1.158.403-2.49.403h-8.588v2.99zm-84.945 0h8.88c2.492 0 3.549-.15 4.38-.677 1.307-.803 2.138-2.378 2.138-4.162 0-1.457-.504-2.868-1.258-3.622-.982-1.006-2.316-1.382-4.783-1.382H7.023c-1.209 0-2.098-.05-2.6-.276-.605-.277-.957-.81-.957-1.562 0-.88.427-1.455 1.132-1.632.53-.124 1.141-.124 2.726-.15h7.95V.265H6.52c-1.964 0-2.844.075-3.6.353C1.185 1.22 0 3 0 5.136 0 6.594.582 7.881 1.587 8.76c.881.753 2.19 1.105 4.203 1.105h3.582c.807 0 1.46.1 1.814.3.678.327 1.08.934 1.08 1.714 0 .652-.3 1.122-.83 1.447-.426.278-1.157.403-2.49.403H.358v2.99zM71.99 4.596c-.52.813-.765 2.118-.765 3.87 0 3.845 1.331 5.595 4.294 5.595 2.915 0 4.248-1.75 4.248-5.546 0-3.847-1.308-5.571-4.248-5.571-1.604 0-2.864.592-3.53 1.652zm10.05-1.897c1.013 1.33 1.58 3.498 1.58 6.039 0 2.882-.914 5.249-2.544 6.555-1.233.986-3.11 1.528-5.335 1.528-3.16 0-5.654-1.037-6.937-2.884-.964-1.355-1.435-3.155-1.435-5.35 0-3.152.866-5.544 2.495-6.826C71.149.726 73.175.158 75.497.158c2.938 0 5.284.913 6.543 2.54zM65.36.279h-3.507v6.73h-6.345V.278h-3.507v16.439h3.507V9.94h6.345v6.778h3.506V.278zM43.533 8.042c.938 0 1.48-.123 1.852-.469.442-.37.715-1.158.715-2.07 0-1.084-.443-1.872-1.208-2.144-.272-.1-.717-.149-1.286-.149h-4.839v4.832h4.766zm-4.766 8.674h-3.507V.278h8.223c2.889 0 3.902.295 4.988 1.504.964 1.036 1.481 2.39 1.481 3.845 0 1.725-.69 3.327-1.826 4.289-.962.813-1.854 1.058-3.728 1.058h-5.63v5.743zM21.665 4.596c-.519.813-.764 2.118-.764 3.87 0 3.845 1.333 5.595 4.297 5.595 2.913 0 4.247-1.75 4.247-5.546 0-3.847-1.308-5.571-4.247-5.571-1.606 0-2.866.592-3.533 1.652zm10.052-1.897c1.014 1.33 1.581 3.498 1.581 6.039 0 2.882-.914 5.249-2.545 6.555-1.233.986-3.11 1.528-5.333 1.528-3.162 0-5.656-1.037-6.94-2.884-.964-1.355-1.432-3.155-1.432-5.35 0-3.152.865-5.544 2.496-6.826C20.825.726 22.85.158 25.173.158c2.938 0 5.286.913 6.544 2.54z"/> </g> </svg> </a> </div>  <div class="lg:flex justify-end flex-grow hidden" x-show="searchField" x-cloak> <div class="relative w-1/2 rounded-md shadow-sm"> <form role="search" method="get" action="https://news.sophos.com/en-us/"> <input type="text" class="block w-full text-lg text-white placeholder-gray-100 bg-blue-800 border-0 rounded-md font-sansMedium font-medium" placeholder="Type to Search News" x-ref="searchInput" name="s" /> <div class="absolute inset-y-0 right-0 flex items-center px-3"> <button class="hover:opacity-100 opacity-60 p-1 text-xs text-white uppercase rounded-full cursor-pointer" type="submit" > Search </button> </div> </form> </div> </div>  <div class="lg:flex items-center flex-grow hidden" x-show="!searchField" x-cloak> <div class="flex ml-auto"> <ul id="menu-en-us-primary" class="primary-menu"><li id="menu-item-77773" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor menu-item-77773"><a href="https://news.sophos.com/en-us/category/products-services/">Products & Services<div class="menu-item-description"></div></a></li> <li id="menu-item-77772" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77772"><a href="https://news.sophos.com/en-us/category/security-operations/">Security Operations<div class="menu-item-description"></div></a></li> <li id="menu-item-77774" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor menu-item-77774"><a href="https://news.sophos.com/en-us/category/threat-research/">Threat Research<div class="menu-item-description"></div></a></li> <li id="menu-item-85326" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-85326"><a href="https://news.sophos.com/en-us/category/ai-research/">AI Research<div class="menu-item-description"></div></a></li> <li id="menu-item-951374" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-951374"><a href="https://news.sophos.com/en-us/category/serious-security/">Naked Security<div class="menu-item-description"></div></a></li> <li id="menu-item-83702" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-83702"><a href="https://news.sophos.com/en-us/category/sophos-life/">Sophos Life<div class="menu-item-description"></div></a></li> </ul> </div> </div>  <div class="lg:block hidden ml-4"> <div class="flex items-center"> <button class="border-2 border-transparent hover:border-white inline-flex items-center justify-center p-2 text-white rounded-md focus:outline-none transition-colors" @click.prevent="searchField = !searchField; $nextTick(() => { setTimeout(() => { $refs.searchInput.focus(); }, 150);});" > <span class="sr-only">Search</span>  <svg class="w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" :class="{ 'block': !searchField, 'hidden': searchField }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" /> </svg> <svg class="hidden w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true" :class="{ 'block': searchField, 'hidden': !searchField }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M6 18L18 6M6 6l12 12" /> </svg> </button> </div> </div>  <div class="lg:hidden flex -mr-2"> <button type="button" class="hover:text-white hover:bg-blue-800 focus:outline-none hover:ring-2 focus:ring-offset-2 focus:ring-offset-gray-300 focus:ring-white inline-flex items-center justify-center p-2 text-white rounded-md" aria-controls="mobile-menu" aria-expanded="false" @click="mobileMenu = !mobileMenu" > <span class="sr-only">Open main menu</span>  <svg class="block w-6 h-6" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" :class="{ 'block': !mobileMenu, 'hidden': mobileMenu }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M4 6h16M4 12h16m-7 6h7" /> </svg>  <svg class="hidden w-6 h-6" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true" :class="{ 'block': mobileMenu, 'hidden': !mobileMenu }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M6 18L18 6M6 6l12 12" /> </svg> </button> </div> </div> </div>  <div class="lg:hidden container" x-show="mobileMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <div class="pt-2 pb-8 space-y-2"> <div class="relative rounded-md shadow-sm"> <form role="search" method="get" action="https://news.sophos.com/en-us/"> <input type="text" class="focus:ring-blue-600 focus:border-blue-600 sm:text-sm block w-full placeholder-gray-600 border-gray-300 rounded-md" placeholder="Search News" name="s" /> <div class="absolute inset-y-0 right-0 flex items-center px-3 pointer-events-none" > <button class="p-1 text-gray-500 rounded-full" type="submit"> <span class="sr-only">Search</span>  <svg class="w-4 h-4" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" /> </svg> </button> </div> </form> </div> <ul id="menu-en-us-primary-1" class="mobile-menu"><li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor menu-item-77773"><a href="https://news.sophos.com/en-us/category/products-services/">Products & Services<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77772"><a href="https://news.sophos.com/en-us/category/security-operations/">Security Operations<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor menu-item-77774"><a href="https://news.sophos.com/en-us/category/threat-research/">Threat Research<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-85326"><a href="https://news.sophos.com/en-us/category/ai-research/">AI Research<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-951374"><a href="https://news.sophos.com/en-us/category/serious-security/">Naked Security<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-83702"><a href="https://news.sophos.com/en-us/category/sophos-life/">Sophos Life<div class="menu-item-description"></div></a></li> </ul> </div> </div> </header> <div id="content"> <div id="primary" class="content-area"> <main id="main" class="site-main" role="main"> <article id="post-48556" class="post-48556 post type-post status-publish format-standard has-post-thumbnail hentry category-malware category-smartphones category-sophoslabs-uncut tag-android tag-android-banker tag-android-malware tag-bankbot tag-banking-malware tag-malware tag-red-alert-2-0 tag-sophos-mobile region-en-us"> <div class="md:mt-16 container mt-8"> <div class="relative max-w-5xl mx-auto"> <div class="aspect-w-16 aspect-h-9 flex bg-gray-400 bg-right bg-no-repeat bg-cover" > <img width="1200" height="630" src="https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?w=1200" class="object-cover wp-post-image" alt="SophosLabs Uncut" decoding="async" fetchpriority="high" srcset="https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png 1200w, https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?resize=300,158 300w, https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?resize=768,403 768w, https://news.sophos.com/wp-content/uploads/2018/04/sophoslabs-uncut.png?resize=1024,538 1024w" sizes="(max-width: 1200px) 100vw, 1200px" /> </div> <div class="left-4 w-24 h-24 lg:left-12 xl:left-16 lg:w-40 lg:h-40 place-items-center absolute top-0 grid " > <img src="https://news.sophos.com/wp-content/uploads/2021/06/Category-Icon-Products-Services@2x_r2.min_.png" alt="Products and Services" /> <span class="font-sansSemiBold lg:text-base lg:leading-tight text-2xs absolute bottom-0 p-4 font-semibold leading-tight text-center text-white"> PRODUCTS & SERVICES </span> </div> </div> </div> <header> <div class="container mt-8 md:mt-16 md:-mb-4"> <div class="max-w-4xl mx-auto"> <h1 class="text-style-h1 mb-8">Red Alert 2.0: Android Trojan targets security-seekers</h1> <div class="text-xl md:text-2xl -mt-2 mb-6"> A malicious, counterfeit version of a VPN client聽for mobile devices targets security-minded victims with a RAT. </div> <div class="text-xl md:text-xl -mt-2"> <span class="byline"> Written by <span class="author vcard"> <a href="https://news.sophos.com/en-us/author/jagadeesh-chandraiah/" title="Posts by Jagadeesh Chandraiah" class="author url fn" rel="author">Jagadeesh Chandraiah</a> </span> </span> </div> <div class="text-sophos-gray-600 mt-4 text-xs font-sansSemiBold font-semibold leading-tight uppercase"> <span class="posted-on"><a href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" rel="bookmark">July 23, 2018</a></span> </div> <div class="mt-6 space-y-2 space-x-1"> <a href="https://news.sophos.com/en-us/category/products-services/malware/" class="category-tag-pill">Malware</a> <a href="https://news.sophos.com/en-us/category/products-services/smartphones/" class="category-tag-pill">Smartphones</a> <a href="https://news.sophos.com/en-us/category/threat-research/sophoslabs-uncut/" class="category-tag-pill">SophosLabs Uncut</a> <a href="https://news.sophos.com/en-us/tag/android/" class="category-tag-pill">Android</a> <a href="https://news.sophos.com/en-us/tag/android-banker/" class="category-tag-pill">Android Banker</a> <a href="https://news.sophos.com/en-us/tag/android-malware/" class="category-tag-pill">Android malware</a> <a href="https://news.sophos.com/en-us/tag/bankbot/" class="category-tag-pill">Bankbot</a> <a href="https://news.sophos.com/en-us/tag/banking-malware/" class="category-tag-pill">Banking malware</a> <a href="https://news.sophos.com/en-us/tag/malware/" class="category-tag-pill">malware</a> <a href="https://news.sophos.com/en-us/tag/red-alert-2-0/" class="category-tag-pill">Red Alert 2.0</a> <a href="https://news.sophos.com/en-us/tag/sophos-mobile/" class="category-tag-pill">Sophos Mobile</a> </div> </div> </div> </header> <div class="container md:my-16 xl:my-24 my-8"> <div class="entry-content lg:prose-lg mx-auto prose max-w-4xl"> <p><strong>By Jagadeesh Chandraiah</strong></p> <p>SophosLabs聽has uncovered a mobile malware distribution campaign that uses advertising placement to distribute the Red Alert Trojan, linking counterfeit branding of well-known apps to Web pages that deliver an updated, 2.0 version of this bank credential thief.</p> <p>The group distributing this family of malware decorates it in the branding and logos of well-known social media or media player apps, system update patches, or (in its most recent campaign) VPN client apps in an attempt to lure users into downloading, installing, and elevating the privileges of a Trojanized app hosted on a site not affiliated with any reputable app market or store.</p> <p>Aside from the inescapable irony of disguising a security-reducing Trojan as an ostensibly security-enhancing app, and the righteous affront to the whole concept of a VPN’s purpose a Trojan so disguised inspires, this represents an escalation in the variety of app types targeted by this campaign of聽<a href="https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-another-year-bankbots-wpna.pdf?la=en">bankbots in disguise</a>.</p> <h3>Red Alert Plays Dress-Up</h3> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png"><img decoding="async" class="alignnone wp-image-48621" src="https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png?w=640" alt="" width="816" height="306" srcset="https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png 1064w, https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png?resize=300,113 300w, https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png?resize=768,288 768w, https://news.sophos.com/wp-content/uploads/2018/06/vpn-software-single-image-version-2.png?resize=1024,384 1024w" sizes="(max-width: 816px) 100vw, 816px" /></a></p> <p> </p> <p>In the wild, we found Web pages designed to (vaguely) resemble legitimate app market pages, hosting files for download that have been disguised as a legitimate mobile application of moderately broad appeal, such as a media player or social media app.</p> <p>But the categories targeted by this group seem to be broadening with the inclusion of VPN software.</p> <p>The Web page shown here on the left is hosted on a domain that seems apt:聽<strong>free-vpn[.]download.聽</strong>Investigation of this domain led to additional domains that appear to have been registered for use with the campaign, but are not in use yet. (You can find additional IoCs at the end of this article)</p> <p>As you can see, the Web page uses a similar colour scheme as, and the icon design from, a legitimate VPN application (VPN Proxy Master) found on the Google Play store.</p> <p>The fake doesn’t quite nail the app name.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/device-admin-flash-crop.png"><img decoding="async" class="alignnone size-medium wp-image-48615" src="https://news.sophos.com/wp-content/uploads/2018/06/device-admin-flash-crop.png?w=300" alt="" width="300" height="169" srcset="https://news.sophos.com/wp-content/uploads/2018/06/device-admin-flash-crop.png 470w, https://news.sophos.com/wp-content/uploads/2018/06/device-admin-flash-crop.png?resize=300,169 300w" sizes="(max-width: 300px) 100vw, 300px" /></a>In addition to “Free VPN Master Android,” we’ve observed Red Alert 2.0 Trojans in the wild disguising themselves using names like:</p> <ul> <li>Flash Player or Update Flash Player</li> <li>Android Update or聽Android Antivirus</li> <li>Chrome Update or Google Update</li> <li>Update Google Market</li> <li>WhatsApp</li> <li>Viber</li> <li>OneCoin Wallet</li> <li>Pornhub</li> <li>Tactic FlashLight or PROFlashLight</li> <li>Finanzonline</li> </ul> <p>The vast majority of in-the-wild Red Alert 2.0 samples falsely present themselves as Adobe Flash player for Android, a utility that Adobe stopped supporting years ago. Our logs show a number of simultaneous Red Alert 2.0 campaigns in operation, many (but not all) hosted on dynamic DNS domains.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/07/new_imag3_campaigns_obs.png"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-48671" src="https://news.sophos.com/wp-content/uploads/2018/07/new_imag3_campaigns_obs.png" alt="" width="415" height="522" srcset="https://news.sophos.com/wp-content/uploads/2018/07/new_imag3_campaigns_obs.png 415w, https://news.sophos.com/wp-content/uploads/2018/07/new_imag3_campaigns_obs.png?resize=239,300 239w" sizes="auto, (max-width: 415px) 100vw, 415px" /></a></p> <h3>The Red Alert Payload</h3> <p>Once installed, the malware requests Device Administrator privileges.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/imag4_dev_adm.jpg"><img loading="lazy" decoding="async" class="size-full wp-image-48566 alignnone" src="https://news.sophos.com/wp-content/uploads/2018/06/imag4_dev_adm.jpg" alt="" width="352" height="304" srcset="https://news.sophos.com/wp-content/uploads/2018/06/imag4_dev_adm.jpg 352w, https://news.sophos.com/wp-content/uploads/2018/06/imag4_dev_adm.jpg?resize=300,259 300w" sizes="auto, (max-width: 352px) 100vw, 352px" /></a></p> <p>If the malware obtains device administrator rights, it will be able to lock the screen by itself, expire the password, and resist being uninstalled through normal methods.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/screenshot-6b3001f17250863a442594c326a22bd2.png"><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-48613" src="https://news.sophos.com/wp-content/uploads/2018/06/screenshot-6b3001f17250863a442594c326a22bd2.png?w=180" alt="Device admin request from app that says it is WhatsApp" width="180" height="300" srcset="https://news.sophos.com/wp-content/uploads/2018/06/screenshot-6b3001f17250863a442594c326a22bd2.png 480w, https://news.sophos.com/wp-content/uploads/2018/06/screenshot-6b3001f17250863a442594c326a22bd2.png?resize=180,300 180w" sizes="auto, (max-width: 180px) 100vw, 180px" /></a></p> <p>The app then stays in the background listening to commands from the cybercrooks.</p> <p>Within some of the first of those commands, the bot typically receives a list of banks it will target. The Trojan works by creating an overlay whenever the user launches the banking application.</p> <h3>Currently Running Applications</h3> <p>Banking Trojans that rely on the overlay mechanism to steal information need to know what application is in the foreground. They do this not only to identify whether the use of a particular app may permit them to harvest another credential, but also because each targeted app needs to have an overlay mapped to its design, so the Trojan can intercept and steal user data. This quest to determine the currently running application is a hallmark of overlay malware, so we thought we’d take a closer look at how it’s done.</p> <p>To prevent this, Android’s engineers regularly release updates that contain bug fixes designed to prevent apps from getting the list of currently running apps without explicit permission. With every Android update, the malware authors are forced to come up with new tricks.</p> <p>This particular case is not an exception. The author(s) of this malware wrote separate subroutines that identify the operating system version and fire off methods to obtain a list of currently running applications known to work on that particular version of Android.</p> <p>First, they use the built-in toolbox commands to determine what apps are running. If that doesn’t work, they try to use <strong>queryUsageStats</strong>:</p> <h5><a href="https://news.sophos.com/wp-content/uploads/2018/06/imag5_curr_running_app.jpg"><img loading="lazy" decoding="async" class="size-full wp-image-48567 alignnone" src="https://news.sophos.com/wp-content/uploads/2018/06/imag5_curr_running_app.jpg" alt="" width="640" height="588" srcset="https://news.sophos.com/wp-content/uploads/2018/06/imag5_curr_running_app.jpg 670w, https://news.sophos.com/wp-content/uploads/2018/06/imag5_curr_running_app.jpg?resize=300,276 300w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a></h5> <h5>When the malware invokes queryUsageStats, it asks for the list of applications that ran in the last 1 million milliseconds (16 minutes and 40 seconds).</h5> <h3>String Resources Used to Store App Data</h3> <p>Red Alert 2.0 stores its data in an atypical location (inside the Strings.xml file embedded in the app) to fetch its critical data, such as the C2 address.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/imag6_res_code1.jpg"><img loading="lazy" decoding="async" class="size-full wp-image-48569 alignnone" src="https://news.sophos.com/wp-content/uploads/2018/06/imag6_res_code1.jpg" alt="" width="616" height="102" srcset="https://news.sophos.com/wp-content/uploads/2018/06/imag6_res_code1.jpg 616w, https://news.sophos.com/wp-content/uploads/2018/06/imag6_res_code1.jpg?resize=300,50 300w" sizes="auto, (max-width: 616px) 100vw, 616px" /></a>The <span style="color:#0000ff;">com.dsufabunfzs.dowiflubs</span> strings in the screenshot above refer to the internal name this particular malware was given, which in this case was randomized into alphabet salad. It’s been SophosLabs’ observation that Red Alert Trojans usually have a randomized internal name like this.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/07/unredacted_imag7_rescode2_highlight-text.png"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-48704" src="https://news.sophos.com/wp-content/uploads/2018/07/unredacted_imag7_rescode2_highlight-text.png" alt="" width="544" height="423" srcset="https://news.sophos.com/wp-content/uploads/2018/07/unredacted_imag7_rescode2_highlight-text.png 544w, https://news.sophos.com/wp-content/uploads/2018/07/unredacted_imag7_rescode2_highlight-text.png?resize=300,233 300w" sizes="auto, (max-width: 544px) 100vw, 544px" /></a>The strings section of the app contains embedded command-and-control IP addresses, ports, and domain names in plaintext. It is an invaluable source of intelligence about a given campaign..</p> <p>The following snippet shows the location within the Trojan where it uses SQLite database commands to store and recall command-and-control addresses:</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/imag8_c2_code1.jpg"><img loading="lazy" decoding="async" class="size-full wp-image-48571 alignnone" src="https://news.sophos.com/wp-content/uploads/2018/06/imag8_c2_code1.jpg" alt="" width="624" height="254" srcset="https://news.sophos.com/wp-content/uploads/2018/06/imag8_c2_code1.jpg 624w, https://news.sophos.com/wp-content/uploads/2018/06/imag8_c2_code1.jpg?resize=300,122 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></a></p> <h3>Backdoor Commands</h3> <p>The Red Alert code also contains an embedded list of commands the botmaster can send to the bot.</p> <p>The malware can execute a variety of arbitrary commands, including (for example) intercepting or sending text messages without the user’s knowledge, obtaining a copy of the victim’s Address Book, or call or text message logs, or sending phone network feature codes (also known as USSD codes).<a href="https://news.sophos.com/wp-content/uploads/2018/07/imag9_bot_commands_crop.png"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-48705" src="https://news.sophos.com/wp-content/uploads/2018/07/imag9_bot_commands_crop.png" alt="" width="425" height="214" srcset="https://news.sophos.com/wp-content/uploads/2018/07/imag9_bot_commands_crop.png 425w, https://news.sophos.com/wp-content/uploads/2018/07/imag9_bot_commands_crop.png?resize=300,151 300w" sizes="auto, (max-width: 425px) 100vw, 425px" /></a></p> <h3>C2 and Targeted Banks</h3> <p>As described earlier, the C2 domain is kept in the app鈥檚 resources. During the app execution, the malware contacts C2 domain for further instructions.</p> <p>Most of the network traffic we’ve observed is HTTP. The C2 address, as stored in samples we’ve seen, comprise both an IP address and port number; So far, all the samples we’ve tested attempted to contact an IP address on port 7878/tcp.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/06/imag10_req_newc2.jpg"><img loading="lazy" decoding="async" class="size-full wp-image-48573 alignnone" src="https://news.sophos.com/wp-content/uploads/2018/06/imag10_req_newc2.jpg" alt="" width="624" height="242" srcset="https://news.sophos.com/wp-content/uploads/2018/06/imag10_req_newc2.jpg 624w, https://news.sophos.com/wp-content/uploads/2018/06/imag10_req_newc2.jpg?resize=300,116 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></a></p> <p>If the main C2 domain is not responsive, the bot fetches a backup C2 domain from a Twitter account. Static analysis of the code reveals that the malware downloads the overlay template to use against any of the bank(s) it is targeting.</p> <p>The malware also sends regular telemetry back to its C2 server about the infected device in the form of an HTTP POST to its C2 server. It uses the base Dalvik User-Agent string for the device it’s running on.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/07/redalert-http-request-large-2.png"><img loading="lazy" decoding="async" class="alignnone size-large wp-image-48675" src="https://news.sophos.com/wp-content/uploads/2018/07/redalert-http-request-large-2.png?w=640" alt="" width="640" height="330" srcset="https://news.sophos.com/wp-content/uploads/2018/07/redalert-http-request-large-2.png 743w, https://news.sophos.com/wp-content/uploads/2018/07/redalert-http-request-large-2.png?resize=300,155 300w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a></p> <p>The content of the HTTP POST data is telemetry data in a json format about the device the malware is running on.</p> <p><a href="https://news.sophos.com/wp-content/uploads/2018/07/redalert-decoded-base64.png"><img loading="lazy" decoding="async" class="alignnone size-large wp-image-48676" src="https://news.sophos.com/wp-content/uploads/2018/07/redalert-decoded-base64.png?w=640" alt="" width="640" height="101" srcset="https://news.sophos.com/wp-content/uploads/2018/07/redalert-decoded-base64.png 830w, https://news.sophos.com/wp-content/uploads/2018/07/redalert-decoded-base64.png?resize=300,47 300w, https://news.sophos.com/wp-content/uploads/2018/07/redalert-decoded-base64.png?resize=768,121 768w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a></p> <p>The <a href="https://www.ibtimes.co.uk/red-alert-2-0-new-android-banking-malware-that-steals-credentials-also-being-rented-out-500-1639856">list of banks targeted by Red Alert</a> 2.0 includes NatWest, Barclays, Westpac, and Citibank.</p> <p>Red Alert 2.0 is a banking bot that is currently very active online, and presents a risk to Android devices.</p> <p>We expect to see more diversification in the social engineering lures this threat group employs as time goes on. So far, legitimate app stores appear to be this malware’s Achilles heel; disabling the installation of third-party apps has been an effective prevention measure. Stick to Google Play and use VPN software from reputable vendors.</p> <p>Sophos detects all the samples of this Trojan family as Andr/Banker-GWC and Andr/Spybot-A.</p> <p>In the wild, these are only distributed as a direct download from unofficial Web pages (“third-party” app) and not through legitimate app stores.</p> <hr /> <h2>Red Alert 2.0 IoCs list</h2> <h4>C2 addresses</h4> <pre><span style="color:#0000ff;">103.239.30.126:7878</span> <span style="color:#0000ff;">146.185.241.29:7878 146.185.241.42:7878 185.126.200.3:7878 185.126.200.12:7878 185.126.200.15:7878 185.126.200.18:7878</span> <span style="color:#0000ff;">185.165.28.15:7878</span> <span style="color:#0000ff;">185.243.243.241:7878</span> <span style="color:#0000ff;">185.243.243.244:7878</span> <span style="color:#0000ff;">185.243.243.245:7878</span></pre> <p> </p> <h4>Domains</h4> <p style="padding-left:30px;">Malware source Web hosts on <strong>167.99.176.61</strong>:</p> <pre><span style="color:#0000ff;">free-androidvpn.date </span> <span style="color:#0000ff;">free-androidvpn.download </span> <span style="color:#0000ff;">free-androidvpn.online </span> <span style="color:#0000ff;">free-vpn.date </span> <span style="color:#0000ff;">free-vpn.download </span> <span style="color:#0000ff;">free-vpn.online</span></pre> <h4>Hashes</h4> <pre><span style="color:#0000ff;">22fcfce096392f085218c3a78dd0fa4be9e67ed725bce42b965a27725f671cf</span> <span style="color:#0000ff;">55292a4dde8727faad1c40c914cf1be9dfdcf4e67b515aa593bcd8d86e824372</span> <span style="color:#0000ff;">be92a751e5abbcd24151b509dbb4feb98ea46f367a99d6f86ed4a7c162461e31</span> <span style="color:#0000ff;">5c4d666cef84abc2a1ffd3b1060ef28fa3c6c3bb4fad1fa26db99350b41bea4c</span> <span style="color:#0000ff;">06081ab7faa729e33b9397a0e47548e75cbec3d43c50e6368e81d737552150a5</span> <span style="color:#0000ff;">753999cb19a4346042f973e30cf1158c44f2335ab65859d3bfa16bca4098e2ef </span></pre> <aside id="sophos_ad-17" class="widget sophos-inline-ad sophos_widget_ad"> <style>.s-button+.s-button { margin-left: .3125rem; } .s-button { transition: all .15s linear; font-size: .875rem; line-height: 1.5; color: #f2f2f2; font-family: SophosSansMedium, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; display: inline-block; padding: .3125rem 1.25rem; cursor: pointer; text-align: center; text-decoration: none; border: 1px solid #005bc8; border-radius: 3px; background-color: #005bc8; text-shadow: none; } .s-button:hover { text-decoration: none; color: #fff; border-color: #002d62; background-color: #002d62; } .s-button--white, .s-button--white:hover { color: #005bc8 !important; border-color: #fff; background-color: #fff; } .s-ad-sophos-mdr { font-size: 1rem; line-height: 1.5; color: #242629; font-family: SophosSansRegular, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; position: relative; max-width: 769px; margin: 15px auto; padding: 30px 30px 25px; transition: box-shadow .25s cubic-bezier( .645, .045, .355, 1 ); text-align: center; background-color: #0d141d; background-repeat: no-repeat; background-position: 50%; background-size: cover; box-shadow: 0 0 0 0 0 transparent; background-color: #005bc8; background-image: none; background-position: 0 0; } .s-ad-sophos-mdr__title { font-size: 2rem; line-height: 1.125; margin-bottom: 4px; color: #fff; } .s-ad-sophos-mdr__text { font-family: SophosSansLight, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; font-size: 17px; color: #fff; } .s-ad-sophos-mdr__action { margin-top: 15px; } .s-ad-sophos-mdr__action .s-button { color: #fff; } .s-ad-sophos-mdr__link-wrapper { text-decoration: none; } .s-ad-sophos-mdr__link-wrapper:hover .s-ad-sophos-mdr { box-shadow: 0 5px 10px 0 rgba( 0, 0, 0, .15 ); } .s-ad-sophos-mdr__sophos-logo { position: absolute; top: 15px; right: 15px; } .s-ad-sophos-mdr__sophos-logo-svg { display: inline-block; width: 64px; height: 11px; vertical-align: top; background-repeat: no-repeat; background-size: 64px 11px; } .s-ad-sophos-mdr__title { font-family: SophosSansSemibold, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; font-size: 28px; font-weight: 700; line-height: 1; margin-bottom: 10px; text-align: left; } .s-ad-sophos-mdr__title svg { max-width: 100%; } .s-ad-sophos-mdr__text { font-size: 16px; line-height: 1.25; text-align: left; } .s-ad-sophos-mdr__action { text-align: right; } .s-ad-sophos-mdr .s-button { border-radius: 20px; } @media (min-width:769px) { .s-ad-sophos-mdr__text { margin-right: 140px; } .s-ad-sophos-mdr__action { position: absolute; right: 30px; bottom: 30px; } } @media (max-width:768px) { .s-ad-sophos-mdr { padding-top: 50px; } .s-ad-sophos-mdr__title { font-size: 1.625rem; } .s-ad-sophos-mdr__text { font-size: 16px; } .s-ad-sophos-mdr { padding-top: 30px; } }</style> <div class="sophos_widget_ad"><a href="https://www.sophos.com/en-us/products/managed-threat-response.aspx" class="s-ad-sophos-mdr__link-wrapper"> <div class="s-ad-sophos-mdr"> <div class="s-ad-sophos-mdr__title"> <img decoding="async" src="https://news.sophos.com/wp-content/uploads/2023/09/ad-sophos-mdr.svg" style="margin-bottom:1rem;margin-top:0px"> </div> <div class="s-ad-sophos-mdr__text"> 24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service. </div> <div class="s-ad-sophos-mdr__action"> <span class="s-button s-button--white"> Learn More </span> </div> </div> </a> </div> </aside> <hr /> <h5>About the author</h5> <p><a href="https://news.sophos.com/wp-content/uploads/2018/07/chandraiah_jaganeesh.png"><img loading="lazy" decoding="async" class="alignleft size-full wp-image-48678" src="https://news.sophos.com/wp-content/uploads/2018/07/chandraiah_jaganeesh.png" alt="" width="175" height="175" srcset="https://news.sophos.com/wp-content/uploads/2018/07/chandraiah_jaganeesh.png 175w, https://news.sophos.com/wp-content/uploads/2018/07/chandraiah_jaganeesh.png?resize=150,150 150w" sizes="auto, (max-width: 175px) 100vw, 175px" /></a>Jagadeesh Chandraiah is a nine-year veteran of SophosLabs, specializing in Windows and mobile malware analysis. Jagadeesh regularly presents his research at international security conferences like DeepSec, AVAR, CARO, and Virus Bulletin. Outside of work, Jagadeesh enjoys playing badminton.</p> <p> </p> </div> <div class="mt-12"> <ul id="social-sharing" class="flex justify-center items-center space-x-6" > <li class="facebook"> <a class="js-share-modal" href="http://www.facebook.com/share.php?u=https://news.sophos.com/?p=48556&title=Red%20Alert%202.0:%20Android%20Trojan%20targets%20security-seekers" data-title="Red Alert 2.0: Android Trojan targets security-seekers" title="Share on Facebook"> <span class="sr-only">Share on Facebook</span> <svg width="8" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M7.145 8.006H4.903V16H1.581V8.006H0V5.182h1.581V3.354C1.581 2.045 2.202 0 4.933 0l2.461.01v2.742H5.608c-.291 0-.705.145-.705.77v1.66h2.533l-.291 2.824z" fill-rule="nonzero"/> </svg> </a> </li> <li class="twitter"> <a class="js-share-modal" href="http://twitter.com/intent/tweet?text=Red%20Alert%202.0%3A%20Android%20Trojan%20targets%20security-seekers%20https%3A%2F%2Fnews.sophos.com%2F%3Fp%3D48556" data-title="" title="Share on X"> <span class="sr-only">Share on X</span> <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M12.163 1.5h2.206L9.55 7.006l5.669 7.494H10.78L7.303 9.956 3.328 14.5h-2.21l5.154-5.89L.838 1.5h4.55l3.14 4.153zm-.776 11.681h1.222L4.722 2.75H3.409z"/> </svg> </a> </li> <li class="linkedin"> <a href="http://www.linkedin.com/shareArticle?mini=true&url=https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" data-title="Red Alert 2.0: Android Trojan targets security-seekers" title="Share on LinkedIn" onclick="window.open(this.href, '', 'left=20,top=20,width=500,height=500,toolbar=1,resizable=0'); return false;"> <span class="sr-only">Share on LinkedIn</span> <svg width="16" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M16 15.293h-3.43v-5.52c0-1.386-.496-2.334-1.738-2.334-.946 0-1.512.64-1.76 1.256-.09.22-.113.526-.113.836v5.762H5.53s.044-9.35 0-10.316h3.43v1.46c.456-.705 1.27-1.703 3.091-1.703 2.256 0 3.95 1.473 3.95 4.643v5.916zM1.917 3.566h-.022C.745 3.566 0 2.773 0 1.783 0 .772.768 0 1.94 0c1.173 0 1.896.772 1.917 1.783 0 .99-.744 1.783-1.94 1.783zM.202 15.293h3.431V4.977H.203v10.316z" fill-rule="nonzero"/> </svg> </a> </li> <li class="comments"> <a href="#comments" title="Leave a Reply" class="flex items-center space-x-1" > <svg width="16" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M8.5 0a7.5 7.5 0 11-3.916 13.898C3.317 15.273 1.773 15.36.256 15.135c1.011-1.185 1.678-2.357 2-3.517l-.007.027A7.5 7.5 0 018.5 0z" fill-rule="evenodd"/> </svg> <span class="font-medium font-sansMedium text-xs">5</span> </a> </li> </ul> </div> </div> </article> <div class="container my-8 md:my-16"> <div class="max-w-4xl mx-auto"> <div class="article-author-block article-co-authors-block"> <div class="author-block"> <div class="author-block__profile"> <img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-one.png' class='avatar avatar-400 photo' height='400' width='400' /> </div>  <div class="author-block__wrapper"> <div class="author-block__content"> <div class="author-block__about"> About the Author </div> <h3 class="author-block__name"> <a href="https://news.sophos.com/en-us/author/jagadeesh-chandraiah/" title="Posts by Jagadeesh Chandraiah" class="author url fn" rel="author">Jagadeesh Chandraiah</a> </h3> <div class="author-block__bio"> <p>Jagadeesh Chandraiah is a nine-year veteran of SophosLabs, specializing in Windows and mobile malware analysis. Jagadeesh regularly presents his research at international security conferences like DeepSec, AVAR, CARO, and Virus Bulletin. Outside of work, Jagadeesh enjoys playing badminton.</p> </div>  </div> </div> </div>  </div> </div> </div> <div class="pb-24 bg-white"> <div class="container"> <div class="max-w-5xl mx-auto"> <h3 class="text-style-h2 md:my-8 my-4"> Read Similar Articles </h3> <div class="article-grid article-grid--3-column">  <article id="post-75410" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75410 post type-post status-publish format-standard has-post-thumbnail hentry category-security-operations tag-encryption tag-mtr tag-ransomware tag-security tag-sidebar tag-sophos-rapid-response region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/24/what-to-expect-when-youve-been-hit-with-avaddon-ransomware/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-ransomware-web-banner-1200x628px-option-2.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 24, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/24/what-to-expect-when-youve-been-hit-with-avaddon-ransomware/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">What to expect when you鈥檝e been hit with Avaddon ransomware</a></h2>  </div> </div> </article>  <article id="post-75301" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75301 post type-post status-publish format-standard has-post-thumbnail hentry category-products-services tag-intercept-x tag-sidebar tag-sophos-edr tag-sophos-xdr region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/19/whats-new-in-sophos-edr-4-0/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-edr-news-blog-image-838x440px@2x.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 19, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/19/whats-new-in-sophos-edr-4-0/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">What’s New in Sophos EDR 4.0</a></h2>  </div> </div> </article>  <article id="post-75396" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75396 post type-post status-publish format-standard has-post-thumbnail hentry category-products-services tag-sidebar tag-sophos-xdr tag-xdr region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/19/sophos-xdr-driven-by-data/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-xdr.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 19, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/19/sophos-xdr-driven-by-data/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">Sophos XDR: Driven by data</a></h2>  </div> </div> </article> </div> </div> </div> </div>  <div class="bg-sophos-gray-50 px-4 pt-16 pb-8" id="comments"> <div class="container max-w-4xl bg-white py-6 md:py-16 rounded-md"> <h2 class="text-style-h2-lg mb-6 md:mb-12"> <span>5</span> Comments </h2> <section class="comments-list"> <article class="comment even thread-even depth-1 " id="comment-58357" itemprop="comment" itemscope itemtype="http://schema.org/Comment"> <div class="comment-wrapper"> <figure class="gravatar"><img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png' srcset='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png 2x' class='avatar avatar-60 photo' height='60' width='60' /></figure> <div class="comment-meta post-meta" role="complementary"> <h2 class="comment-author"> sheka </h2> <time class="comment-meta-item" datetime="2018-07-23T16:28-04:00" itemprop="datePublished"><a href="#comment-58357" itemprop="url">23 July 2018 at 4:28 pm</a></time> </div> <div class="comment-content post-content" itemprop="text"> <p>I hope that sophos labs encourage both vertical and lateral thinking to combat cyber security issues. </p> <p>In today’s complex world both ends of thought are crucial for an organisation to survive.</p> <p>Thank you.</p> </div> </div> </article> <article class="comment odd alt thread-odd thread-alt depth-1 " id="comment-58549" itemprop="comment" itemscope itemtype="http://schema.org/Comment"> <div class="comment-wrapper"> <figure class="gravatar"><img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-three.png' srcset='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png 2x' class='avatar avatar-60 photo avatar-default' height='60' width='60' /></figure> <div class="comment-meta post-meta" role="complementary"> <h2 class="comment-author"> PK </h2> <time class="comment-meta-item" datetime="2018-07-26T22:10-04:00" itemprop="datePublished"><a href="#comment-58549" itemprop="url">26 July 2018 at 10:10 pm</a></time> </div> <div class="comment-content post-content" itemprop="text"> <p>Nice one Jag!</p> </div> </div> </article> <article class="comment even thread-even depth-1 parent " id="comment-58604" itemprop="comment" itemscope itemtype="http://schema.org/Comment"> <div class="comment-wrapper"> <figure class="gravatar"><img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png' srcset='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png 2x' class='avatar avatar-60 photo' height='60' width='60' /></figure> <div class="comment-meta post-meta" role="complementary"> <h2 class="comment-author"> Sheka </h2> <time class="comment-meta-item" datetime="2018-07-27T11:34-04:00" itemprop="datePublished"><a href="#comment-58604" itemprop="url">27 July 2018 at 11:34 am</a></time> </div> <div class="comment-content post-content" itemprop="text"> <p>Regarding topic on “red alert 2.0 android version ….. trojan” Please provide details of the vpn clients (including ) it’s name for accuracy purposes.<br /> since providing accurate information would gravely minimise use risk in downloading rouge apps and software, unless it has any monetary benefits to respective parties.</p> <p>Prevention is better than cure.</p> <p>Thank you</p> </div> </div> <section class="child-comments comments-list"> <article class="comment byuser comment-author-andrewbrandt odd alt depth-2 parent bystaff" id="comment-58697" itemprop="comment" itemscope itemtype="http://schema.org/Comment"> <div class="comment-wrapper"> <figure class="gravatar"><img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-one.png' srcset='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-three.png 2x' class='avatar avatar-60 photo' height='60' width='60' /></figure> <div class="comment-meta post-meta" role="complementary"> <h2 class="comment-author"> Andrew Brandt </h2> <time class="comment-meta-item" datetime="2018-07-30T11:03-04:00" itemprop="datePublished"><a href="#comment-58697" itemprop="url">30 July 2018 at 11:03 am</a></time> </div> <div class="comment-content post-content" itemprop="text"> <p>The legitimate VPN software is named “VPN Proxy Master” and the counterfeit, malicious version is called “Free VPN Master Android”</p> </div> </div> <section class="child-comments comments-list"> <article class="comment even depth-3 " id="comment-58702" itemprop="comment" itemscope itemtype="http://schema.org/Comment"> <div class="comment-wrapper"> <figure class="gravatar"><img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png' srcset='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png 2x' class='avatar avatar-60 photo' height='60' width='60' /></figure> <div class="comment-meta post-meta" role="complementary"> <h2 class="comment-author"> sheka </h2> <time class="comment-meta-item" datetime="2018-07-30T12:49-04:00" itemprop="datePublished"><a href="#comment-58702" itemprop="url">30 July 2018 at 12:49 pm</a></time> </div> <div class="comment-content post-content" itemprop="text"> <p>Dear Andrew,<br /> Thank you for the reply.<br /> What I meant was that there are many VPN software’s both legit and illegitimate, which sometimes trick users into installing them. Whereas some legit VPNs have free limitations that you have to pay to get the full usability of them.</p> <p>All in all the software industry as with all the rest consist of continuous development and research to curb attacks and ensure privacy (but limited to its functionalities either intentionally or otherwise since money is needed for research and development including competitive marketing of such.)</p> <p>There is no silver bullet to information security but mitigation strategies and continuous improvement in progressive manner.</p> <p>Therefore in this competitive commercial environment to be the head of the pack, continuous research is needed in realistic manner in diversified environments, in which money plays an important role on how much an organisation is willing to spend.</p> <p>Thank you</p> </div> </div> </article></section></article></section></article></section> </div> <p class="no-comments">Comments are closed.</p> <div class="container max-w-2xl py-6 md:py-16"> </div> </div> </div> </main> </div> </div>  <div class="bg-sophos-gray-50 md:py-16 px-4 pb-4 pt-8"> <div class="container max-w-2xl" x-show="!subscribed"> <div class="text-style-h2-lg"> Subscribe to get the latest updates in your inbox. </div> <div id="mc_embed_shell"> <link href="//cdn-images.mailchimp.com/embedcode/classic-061523.css" rel="stylesheet" type="text/css"> <style type="text/css"> /* Add your own Mailchimp form style overrides in your site stylesheet or in this style block. We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */ #mc_embed_signup form, #mc_embed_signup #mc-embedded-subscribe-form div.mce_inline_error { margin:0; background: transparent; } #mc_embed_signup input { border-color: rgba(240, 242, 244, var(--tw-border-opacity)); } #mc_embed_signup input#mc-embedded-subscribe { border-radius: 9999px; } #mc-embedded-subscribe { margin-left:0; } #mc_embed_signup .mc-field-group.input-group input { height:1rem; width:1rem; } #mc_embed_signup #mc-embedded-subscribe-form input.mce_inline_error { border-color: rgba( 209, 213, 219, var( --tw-border-opacity ) );} #mc_embed_signup #mce-success-response { display: block; color: #fff; font-weight: normal; padding: .75rem 1rem; margin: 0; } #mc_embed_signup div#mce-responses { padding: 0; width: 100%; margin: .5rem 0; } #mc_embed_signup div.response { width:100%; padding: .75rem 1rem; font-weight: normal; } </style> <div id="mc_embed_signup"> <form action="https://sophos.us2.list-manage.com/subscribe/post?u=2a2849a8c809119f4bd4929cc&id=8d6471d831&f_id=007062e1f0" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank"> <div id="mc_embed_signup_scroll"> <div class="mc-field-group"> <input type="email" name="EMAIL" class="required email" id="mce-EMAIL" required="" value="" placeholder="name@email.com"> <div id="mce-responses" class="clear flex flex-col my-6"> <div class="response font-sansMedium px-4 py-3 mt-2 text-sm font-medium text-white bg-black border rounded-md" id="mce-error-response" style="display: none;"></div> <div class="response font-sansMedium px-4 py-3 mt-2 text-sm font-medium text-white bg-black border rounded-md" id="mce-success-response" style="display: none;"></div> </div> </div> <div class="mc-field-group input-group mb-4 text-lg"> Which categories are you interested in? <ul> <li><input type="checkbox" name="group[3][1]" id="mce-group[3]-3-0" value=""><label for="mce-group[3]-3-0" class="text-style-form-label ml-2">Products and Services</label></li> <li><input type="checkbox" name="group[3][2]" id="mce-group[3]-3-1" value=""><label for="mce-group[3]-3-1" class="text-style-form-label ml-2">Threat Research</label></li> <li><input type="checkbox" name="group[3][4]" id="mce-group[3]-3-2" value=""><label for="mce-group[3]-3-2" class="text-style-form-label ml-2">Security Operations</label></li> <li><input type="checkbox" name="group[3][8]" id="mce-group[3]-3-3" value=""><label for="mce-group[3]-3-3" class="text-style-form-label ml-2">AI Research</label></li> <li><input type="checkbox" name="group[3][16]" id="mce-group[3]-3-4" value=""><label for="mce-group[3]-3-4" class="text-style-form-label ml-2">#SophosLife</label></li> </ul> </div> <div aria-hidden="true" style="position: absolute; left: -5000px;"> <input type="text" name="b_2a2849a8c809119f4bd4929cc_8d6471d831" tabindex="-1" value=""> </div> <div class="clear"> <input type="submit" name="subscribe" id="mc-embedded-subscribe" class="round-button round-button--primary" value="Subscribe"> </div> </div> </form> </div> </div> </div> </div> <footer class="bg-white border-t border-sophos-gray-200 " x-data="{ languageMenu: false, privacyMenu: false, legalMenu: false }" > <div class="container"> <div class="md:flex-row md:items-center flex flex-col justify-between py-8"> <div class="flex items-baseline flex-grow space-x-6">  <div class="relative mr-auto"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="languageMenu = !languageMenu" @click.away="languageMenu = false" > Change Region <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': languageMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a>  <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="languageMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://news.sophos.com/es-419"> Am茅rica Latina </a> </li> <li> <a href="https://news.sophos.com/pt-br"> Brasil </a> </li> <li> <a href="https://news.sophos.com/de-de"> Deutschland </a> </li> <li> <a href="https://news.sophos.com/en-us"> English </a> </li> <li> <a href="https://news.sophos.com/fr-fr"> France </a> </li> <li> <a href="https://news.sophos.com/es-es"> Iberia </a> </li> <li> <a href="https://news.sophos.com/it-it"> Italia </a> </li> <li> <a href="https://news.sophos.com/ja-jp"> Japan </a> </li> </ul> </div> </div>  <a href="https://www.sophos.com/en-us/legal/sophos-website.aspx" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block ml-auto text-xs font-medium leading-tight" >Terms</a >  <span class="relative"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="privacyMenu = !privacyMenu" @click.away="privacyMenu = false" > Privacy <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': privacyMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a> <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="privacyMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx" > Privacy Notice </a> </li> <li> <a href="https://www.sophos.com/en-us/legal/cookie-information.aspx" > Cookies </a> </li> </ul> </div> </span>  <span class="relative"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="legalMenu = !legalMenu" @click.away="legalMenu = false" > Legal <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': legalMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a> <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="legalMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://www.sophos.com/en-us/legal.aspx" > General </a> </li> <li> <a href="https://www.sophos.com/en-us/legal/modern-slavery-act-transparency-statement.aspx" > Modern Slavery Statement </a> </li> <li> <a href="https://secure.ethicspoint.eu/domain/media/en/gui/104916/index.html" > Speak Out </a> </li> </ul> </div> </span>  <div class="md:ml-6 mt-2 md:mt-0"> <span class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" > © 1997 - 2024 Sophos Ltd. All rights reserved </span> </div> </div> </div> </div> </div> </footer> <div id="amp-mobile-version-switcher" hidden> <a rel="" href="https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/?amp=1"> Go to mobile version </a> </div> <script type="text/javascript" id="sophos-js-core-js-extra"> /* <![CDATA[ */ var PG8Data = {"startPage":"1","maxPages":"1","nextLink":""}; /* ]]> */ </script> <script type="text/javascript" src="https://news.sophos.com/_static/??-eJyVjFEOwiAQBS8ku0Ka1H4Yz0LIpgVlIexqPb6YXqAk72sy83CvJhRWYkXdKJOglLoVYdrFuKudMUlfl8ozkvk4cGA7gANAkgue+gilDdj01eblvH8geGt8jVfB5+rjysNh9U2Z2nC3+uHkz3r0yHc7O7dM9rZM6Qegq6BH" ></script><script type="text/javascript" src="https://unpkg.com/alpinejs@2.8.1/dist/alpine.js?ver=2.0.3" id="alpine-js-js"></script> <script type="text/javascript" src="https://news.sophos.com/wp-content/themes/sophosnews-2017/js/sophos-mc-validate.js?m=1730121999g" ></script><script type="text/javascript" src="https://stats.wp.com/e-202447.js" id="jetpack-stats-js" data-wp-strategy="defer"></script> <script type="text/javascript" id="jetpack-stats-js-after"> /* <![CDATA[ */ _stq = window._stq || []; _stq.push([ "view", JSON.parse("{\"v\":\"ext\",\"blog\":\"166161023\",\"post\":\"48556\",\"tz\":\"-5\",\"srv\":\"news.sophos.com\",\"hp\":\"vip\",\"j\":\"1:13.9.1\"}") ]); _stq.push([ "clickTrackerInit", "166161023", "48556" ]); /* ]]> */ </script> </body> </html>