RedDrop is a newly discovered Android malware strain with an extensive range of malicious capabilities, including ones that cause financial loss and data loss on infected devices. Detected in more than 53 apps, it was first spotted by the UK mobile security firm Wandera on the phones of employees at several global consultancy firms. Infections were concentrated in China, and the malware's creators used more than 4,000 domains to distribute it.
RedDrop can record nearby audio and upload the recordings to cloud-storage accounts on Google Drive and Dropbox. It can also steal sensitive data from the victim's device, such as contacts, photos and images, application data, and information about nearby WiFi networks. The malicious applications include practical tools like image editors and calculators as well as recreational apps on topics such as learning a new language or space exploration.
Although its range of intrusive features would easily classify it as spyware, RedDrop was not part of a cyber-espionage operation; its initial purpose was to subscribe users to premium SMS numbers that earned the RedDrop authors a profit.
RedDrop infects a device in the following way:
- The user searches for an Android app on Baidu.
- Clicking a poisoned search result redirects the user through a series of URLs before landing on the app store.
- Once the new app is installed and opened, it sends device details to C&C servers. Seven other apps with malicious functions are silently installed at a later stage.
- It requests invasive permissions up front so that it never has to prompt the user again.
- It subscribes the victim's phone to a premium SMS service and can delete incoming SMS messages.
- It steals saved files such as images, photos, and contacts.
- It records the device's surroundings as well as SIM information, device information, application data, and network data.
- The stolen data is uploaded to remote file-storage systems for use in blackmail and extortion.
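The infection chain above boils down to a set of capabilities a defender can look for statically before an app is installed: sending SMS, receiving or reading SMS, recording audio, reading contacts and storage, reading device identity, and network access. The following Python script is an added example, not code from Wandera or from this article, that parses a decoded AndroidManifest.xml (the text form produced by tools such as apktool) and scores an app against those capability clusters. It also flags a broadcast receiver registered for SMS_RECEIVED with an explicit priority, the classic mechanism an app used to see (and on older Android versions suppress) an incoming SMS before the messaging app did. The two manifests, package names, function names and scoring thresholds are constructed for illustration and are not RedDrop artifacts; the permission names are real AOSP permissions.

```python
"""Static permission triage for decoded Android manifests (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Capability clusters matching the behaviours described in the write-up.
# A cluster matches when the app declares ANY of its permissions.
CAPABILITIES = {
    "premium_sms_fraud": {"android.permission.SEND_SMS"},
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "audio_surveillance": {"android.permission.RECORD_AUDIO"},
    "contact_theft": {"android.permission.READ_CONTACTS"},
    "file_theft": {"android.permission.READ_EXTERNAL_STORAGE"},
    "device_fingerprinting": {"android.permission.READ_PHONE_STATE"},
    "network_exfiltration": {"android.permission.INTERNET"},
}


def parse_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> tags."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def sms_receivers(manifest_xml):
    """Return (receiver name, filter priority) for receivers on SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    found = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.findall("action")}
            if SMS_RECEIVED_ACTION in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                found.append((receiver.get(ANDROID_NS + "name"), prio))
    return found


def matched_capabilities(permissions):
    """Map each matched capability to the declared permissions enabling it."""
    return {cap: permissions & needed for cap, needed in CAPABILITIES.items()
            if permissions & needed}


def triage(manifest_xml):
    """Score a manifest: one point per capability, plus one when the
    premium-SMS pair (send SMS and intercept replies) is complete, plus one
    for a prioritised SMS_RECEIVED receiver. Thresholds are illustrative."""
    perms = parse_permissions(manifest_xml)
    caps = matched_capabilities(perms)
    receivers = sms_receivers(manifest_xml)
    score = len(caps)
    if "premium_sms_fraud" in caps and "sms_interception" in caps:
        score += 1
    if any(prio > 0 for _, prio in receivers):
        score += 1
    level = "high" if score >= 5 else "medium" if score >= 3 else "low"
    return {"permissions": perms, "capabilities": caps,
            "sms_receivers": receivers, "score": score, "level": level}


# Constructed sample manifests (hypothetical packages, not real RedDrop apps).
CALCULATOR_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cutegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("calculator", CALCULATOR_MANIFEST),
                            ("suspect", SUSPECT_MANIFEST)):
        result = triage(manifest)
        print(f"{label}: level={result['level']} score={result['score']} "
              f"capabilities={sorted(result['capabilities'])} "
              f"sms_receivers={result['sms_receivers']}")
```

Run against a decoded manifest this prints a risk level and the capability clusters that drove it; the combination of SEND_SMS with an SMS receiver is the one that most directly matches the premium-subscription behaviour described above, which is why the script weights that pair separately rather than treating every permission equally.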
What Happens to the Stolen Data?
Researchers' working assumption is that RedDrop records a user's nearby audio and steals personal files so that its authors can blackmail some of the infected users, should RedDrop succeed in infecting a businessman, politician, or wealthy person.
Users, in China or elsewhere, who want to avoid falling victim to such apps are advised to ensure their device settings disallow third-party app installations, to triple-check an app's permissions before installing it, and to avoid rooting their own devices.
CuteActress is one of the more absurd examples among the affected apps.
According to Wandera researchers, “The CuteActress app ostensibly functions as an adult-themed game in which the user must rub the screen in order to reveal a seductively-dressed female.” They further state that, “Each time the screen is ‘rubbed,’ the user is unknowingly sending an SMS message to a premium service.”
Why is the RedDrop Increasingly Active in China?
China has no official Google Play Store, which is why the malware is mainly active there. Users in China generally rely on search engines to find apps, and this is considered RedDrop's main distribution method.
A smartphone helps us stay in touch with family and friends, play the latest games, and keep up with the weather and news. For all its convenience, a smartphone carries its own risks, especially if it is stolen: your whole identity is at stake, including sensitive personal data and online and bank accounts. Downloading a malicious app can have similar consequences. To keep such malware off your phone, you can install free antivirus software; a virus scan helps remove malware and keeps your device secure.
The following defence measures will help protect and secure your devices:
- Encrypt your devices
- Make frequent backups of vital data
- Install anti-malware on your devices
- Stay strict with the CIA (confidentiality, integrity, availability) cycle
- Download applications only from trusted sources
- Keep your device and apps updated to the latest version
- Think twice before granting the permissions applications ask for