Security expert dismisses RedDrop Android malware as "nothing new"

Researchers claim it extracts a 'devastating' amount of data, but victims would need to grant many permissions to let it

Security experts claim to have uncovered "one of the most sophisticated pieces of Android malware ever seen", which is apparently able to steal people's videos, files, contacts and much more direct from their devices.

RedDrop is a malware family unearthed by researchers at enterprise mobile security firm Wandera, who warned that RedDrop is particularly dangerous because it has an extensive network of supporting infrastructure that allows it to disguise itself as various mobile apps.

It was discovered when an employee from a major US consulting firm used a mobile web browser to click on a link displayed on Chinese search engine Baidu, the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM.

"Upon further investigation, Wandera discovered [over] 53 seemingly innocent looking apps that front-end the malware, as well as an intricate distribution network of [more than] 3,000 registered to the same group, used to maximise reach to end-user devices," the researchers said.

Once it is fully installed, RedDrop can extract a "devastating amount" of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information.

The malware also makes the victim unwittingly submit expensive SMS messages to a premium service.

"The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion," the firm said, adding that any user on an Android device could fall victim to the RedDrop family of malware.

"RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution and with such an extensive network of supporting infrastructure."

To protect against the malware, Wandera advises that people disable third-party app stores unless they are absolutely necessary for business functionality. Enterprise devices should also be equipped with a security tool that provides visibility into network traffic, the company added, so that additional downloads from unofficial sites, command-and-control traffic and data exfiltration connections can be identified and blocked.

But Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team, dismissed RedDrop as "a very amateur trial run" that would require victims to install malicious apps and grant plenty of permission requests for it to steal data.

"There is nothing new about this malware," he added. "Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps.

"With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app."
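As an added illustration of the permission review Young describes (this is example code, not from the article, Wandera or Tripwire), the Python script below inspects an Android manifest for the permissions behind the capabilities attributed to RedDrop and also checks the app's targetSdkVersion, since the runtime prompts introduced in Android 6 only appear for apps that target API level 23 or higher. The sample manifest, its package name and the capability-to-permission mapping are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions behind the data categories the article attributes to RedDrop.
# This grouping is the example's own, not a list published by Wandera.
CAPABILITY_PERMISSIONS = {
    "audio recording": {"android.permission.RECORD_AUDIO"},
    "files and photos": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.WRITE_EXTERNAL_STORAGE"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "wifi information": {"android.permission.ACCESS_WIFI_STATE"},
    "premium SMS": {"android.permission.SEND_SMS"},
}

RUNTIME_PERMISSION_SDK = 23  # Android 6.0: runtime prompts need targetSdkVersion >= 23

# Constructed manifest for a supposed "calculator" app; not a real RedDrop sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.calculator">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>"""


def triage_manifest(manifest_xml):
    """Report which RedDrop-style capabilities an app requests and whether the
    Android 6 runtime permission dialogs would actually be shown for it."""
    root = ET.fromstring(manifest_xml)
    requested = {u.get(ANDROID_NS + "name") for u in root.iter("uses-permission")}
    capabilities = sorted(name for name, perms in CAPABILITY_PERMISSIONS.items()
                          if perms & requested)
    # targetSdkVersion defaults to minSdkVersion, which itself defaults to 1.
    sdk = root.find("uses-sdk")
    target = 1
    if sdk is not None:
        min_sdk = sdk.get(ANDROID_NS + "minSdkVersion", "1")
        target = int(sdk.get(ANDROID_NS + "targetSdkVersion", min_sdk))
    return {"capabilities": capabilities, "target_sdk": target,
            "runtime_prompts": target >= RUNTIME_PERMISSION_SDK}


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print("requests:", ", ".join(report["capabilities"]))
    print("targetSdkVersion %d, runtime prompts: %s"
          % (report["target_sdk"], report["runtime_prompts"]))
```

An app that targets API 22 keeps the install-time permission model even on Android 6 and later, so the user sees one combined permission list at install rather than a prompt the first time audio recording or SMS sending is attempted.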
