Security expert dismisses RedDrop Android malware as "nothing new"

Researchers claim it extracts a 'devastating' amount of data, but victims would need to grant many permissions to let it

Security experts claim to have uncovered "one of the most sophisticated pieces of Android malware ever seen", which is apparently able to steal people's videos, files, contacts and much more direct from their devices.

RedDrop is a malware family unearthed by researchers at enterprise mobile security firm Wandera, who warned that it is particularly dangerous because an extensive network of supporting infrastructure allows it to disguise itself as various mobile apps.

It was discovered when an employee from a major US consulting firm used a mobile web browser to click on a link displayed on Chinese search engine Baidu, the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM.

"Upon further investigation, Wandera discovered [over] 53 seemingly innocent looking apps that front-end the malware, as well as an intricate distribution network of [more than] 3,000 registered to the same group, used to maximise reach to end-user devices," the researchers said.

Once it is fully installed, RedDrop can extract a "devastating amount" of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information.


The malware also makes the victim unwittingly submit expensive SMS messages to a premium service.

"The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion," the firm said, adding that any user on an Android device could fall victim to the RedDrop family of malware.

"RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution and with such an extensive network of supporting infrastructure."

To protect against the malware, Wandera advises that people disable third-party app stores unless they are absolutely necessary for business functionality. Enterprise devices should also be equipped with a security tool that provides visibility into network traffic, the company added, so that additional downloads from unofficial sites, command-and-control traffic and data exfiltration connections can be identified and blocked.

But Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team, dismissed RedDrop as "a very amateur trial run" that would require victims to install malicious apps and grant plenty of permission requests for it to steal data.


"There is nothing new about this malware," he added. "Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps.

"With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app."
