Security expert dismisses RedDrop Android malware as "nothing new"

Researchers claim it extracts a 'devastating' amount of data, but victims would need to grant many permissions to let it

Security experts claim to have uncovered "one of the most sophisticated pieces of Android malware ever seen", which is apparently able to steal people's videos, files, contacts and much more direct from their devices.

RedDrop was unearthed by researchers at enterprise mobile security firm Wandera, who warned that the malware is particularly dangerous because an extensive network of supporting infrastructure allows it to disguise itself as various mobile apps.


It was discovered when an employee from a major US consulting firm used a mobile web browser to click on a link displayed on Chinese search engine Baidu, the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM.

"Upon further investigation, Wandera discovered [over] 53 seemingly innocent looking apps that front-end the malware, as well as an intricate distribution network of [more than] 3,000 registered to the same group, used to maximise reach to end-user devices," the researchers said.

Once it is fully installed, RedDrop can extract a "devastating amount" of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information.


The malware also makes the victim unwittingly send expensive SMS messages to a premium service.

"The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion," the firm said, adding that any user on an Android device could fall victim to the RedDrop family of malware.


"RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution and with such an extensive network of supporting infrastructure."

To protect against the malware, Wandera advises that people disable third-party app stores unless absolutely necessary for business functionality. Enterprise devices should also be equipped with a security tool that provides visibility into network traffic, the company added, so that additional downloads from unofficial sites, command-and-control connections and data exfiltration connections can be identified and blocked.

But Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team, dismissed RedDrop as "a very amateur trial run" that would require victims to install malicious apps and grant plenty of permission requests for it to steal data.

"There is nothing new about this malware," he added. "Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps.


"With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app."
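The permission review described above can be automated. The following is an added example, not code from the article, Wandera or Tripwire: a Python check of a decoded AndroidManifest.xml for permissions matching the data categories the article lists. The permission-to-category mapping, the sample manifest and its package name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: data categories named in the article -> Android permission.
CAPABILITY = {
    P + "SEND_SMS": "premium SMS",
    P + "RECORD_AUDIO": "live audio recording",
    P + "READ_CONTACTS": "contacts",
    P + "READ_EXTERNAL_STORAGE": "files and photos",
    P + "ACCESS_WIFI_STATE": "Wi-Fi information",
}
# "Normal" protection level: granted at install, never prompts at runtime.
NO_RUNTIME_PROMPT = {P + "ACCESS_WIFI_STATE"}

def audit_manifest(manifest_xml, expected=frozenset()):
    """Return sensitive permissions requested beyond what the app plausibly needs."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = []
    for perm in sorted((requested & set(CAPABILITY)) - set(expected)):
        findings.append({
            "permission": perm[len(P):],
            "exposes": CAPABILITY[perm],
            "runtime_prompt": perm not in NO_RUNTIME_PROMPT,
        })
    return {"package": root.get("package"), "findings": findings}

# Constructed sample: a wallpaper app asking for far more than wallpapers need.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>"""

if __name__ == "__main__":
    plausible = {P + "INTERNET", P + "SET_WALLPAPER"}
    report = audit_manifest(SAMPLE_MANIFEST, expected=plausible)
    for f in report["findings"]:
        how = "prompts at runtime" if f["runtime_prompt"] else "granted silently"
        print(f'{report["package"]}: {f["permission"]} ({f["exposes"]}; {how})')
```

ACCESS_WIFI_STATE is flagged as granted without a prompt, so Wi-Fi information is one category that runtime prompts on Android 6 and later do not surface to the user.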
