Security expert dismisses RedDrop Android malware as "nothing new"

Researchers claim it extracts a 'devastating' amount of data, but victims would need to grant many permissions to let it

A red Android mascot

Security experts claim to have uncovered "one of the most sophisticated pieces of Android malware ever seen", which is apparently able to steal people's videos, files, contacts and much more direct from their devices.

RedDrop is a vulnerability unearthed by researchers at enterprise mobile security firm Wandera, who warned that RedDrop is particularly dangerous due to it having an extensive network of supporting infrastructure that allows it to disguise itself as various mobile apps.

It was discovered when an employee from a major US consulting firm used a mobile web browser to click on a link displayed on Chinese search engine Baidu, the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM.

"Upon further investigation, Wandera discovered [over] 53 seemingly innocent looking apps that front-end the malware, as well as an intricate distribution network of [more than] 3,000 registered to the same group, used to maximise reach to end-user devices," the researchers said.

Once it is fully installed, RedDrop can extract a "devastating amount" of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information.

The malware also makes the victim unwittingly submit expensive SMS messages to a premium service.

"The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion," the firm said, adding that any user on an Android device could fall victim to the RedDrop family of malware.

"RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution and with such an extensive network of supporting infrastructure."

To protect yourself from the malware, Wandera advises people should disable third-party app stores, unless absolutely necessary for business functionality. Enterprise devices should also be equipped with a security tool that provides visibility into the network traffic, the company added, so additional downloads from unofficial sites, command and control and data exfiltration connections can be identified and blocked.

But Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team, dismissed RedDrop as "a very amateur trial run" that would require victims to install malicious apps and grant plenty of permission requests for it to steal data.

"There is nothing new about this malware," he added. "Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps.

"With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021