Security expert dismisses RedDrop Android malware as "nothing new"

Researchers claim it extracts a 'devastating' amount of data, but victims would need to grant many permissions to let it

Security experts claim to have uncovered "one of the most sophisticated pieces of Android malware ever seen", which is apparently able to steal people's videos, files, contacts and much more direct from their devices.

RedDrop is a vulnerability unearthed by researchers at enterprise mobile security firm Wandera, who warned that RedDrop is particularly dangerous due to it having an extensive network of supporting infrastructure that allows it to disguise itself as various mobile apps.

Advertisement - Article continues below

It was discovered when an employee from a major US consulting firm used a mobile web browser to click on a link displayed on Chinese search engine Baidu, the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM.

"Upon further investigation, Wandera discovered [over] 53 seemingly innocent looking apps that front-end the malware, as well as an intricate distribution network of [more than] 3,000 registered to the same group, used to maximise reach to end-user devices," the researchers said.

Once it is fully installed, RedDrop can extract a "devastating amount" of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information.

Advertisement - Article continues below

The malware also makes the victim unwittingly submit expensive SMS messages to a premium service.

"The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion," the firm said, adding that any user on an Android device could fall victim to the RedDrop family of malware.

Advertisement - Article continues below

"RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution and with such an extensive network of supporting infrastructure."

To protect yourself from the malware, Wandera advises people should disable third-party app stores, unless absolutely necessary for business functionality. Enterprise devices should also be equipped with a security tool that provides visibility into the network traffic, the company added, so additional downloads from unofficial sites, command and control and data exfiltration connections can be identified and blocked.

But Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team, dismissed RedDrop as "a very amateur trial run" that would require victims to install malicious apps and grant plenty of permission requests for it to steal data.

"There is nothing new about this malware," he added. "Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps.

Advertisement - Article continues below

"With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app."

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now



Evasive malware threats doubled in 2019

24 Mar 2020

Best free malware removal tools 2019

2 Mar 2020

Best antivirus for Windows 10

3 Sep 2019

Most Popular

video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
cyber security

Microsoft gobbles up domain to keep it from hackers

8 Apr 2020