diff --git a/clusters/android.json b/clusters/android.json
index 22d4903..66fcf07 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -57,7 +57,8 @@
       "description": "The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking to reauthenticate. Red Alert then collects the user's credentials and sends them to its C&C server.",
       "meta": {
         "refs": [
-          "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/"
+          "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/",
+          "https://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html"
         ]
       },
       "related": [
@@ -66,8 +67,12 @@
           "tags": [
             "estimative-language:likelihood-probability=\"likely\""
           ],
-          "type": "similar"
-        }
+          "type": "similar",
+          "synonyms": [
+            "Red Alert 2"
+            "Red Alert 2.0"
+          ]
+        },
       ],
       "uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33",
       "value": "RedAlert2"