Frightening new Android malware causes concern for users

If you’re an Android user, you might want to pay attention to news of the recent, aggressive form of malware known as RedDrop. This Android-exclusive bug can steal a device’s photos, contacts, files, and other data, and is also able to record live audio and rack up massive phone bills for the victim, according to Tech Spot.

RedDrop was discovered by UK mobile security and data management firm, Wandera. Wandera said it found RedDrop was present on the phones of employees at several global consultancy firms, and that it is “one of the most sophisticated pieces of Android malware.”

Wandera researchers explained that users became vulnerable after clicking an ad that redirected them to a distribution site, which encourages visitors to download one of the 53 malicious RedDrop apps. Wandera explained that, “The malware’s creators use a content distribution network of over 4000 domains to distribute the applications, which are disguised as calculators, image editors, language learning aids, games, and adult content.”

“We believe the group developed this complex CDN [content distribution network] to obfuscate where the malware was served from, making it harder for security teams to detect the source of the threat,” the researchers told Tech Spot.

If you install one of the malicious RedDrop apps, you’ll be asked to interact with it in some way. For example, one app, called “CuteActress,” asks users to rub the screen and reveal a seductively-dressed woman. Well, for every rub, your device is unwittingly sending an SMS message to a premium-rate service. Meanwhile, the malware deletes all records of the message being sent, so you’re not likely to become keen to the scam.

According to Tech Spot, RedDrop malware will “harvest data such as local files (photos/contact etc.), SIM info, app and WiFi info, and device details. It can also grab live audio recordings of local surroundings using a device’s microphone. The data is then sent back to the attackers’ Dropbox or Drive folders to use for extortion purposes or launch further attacks.”

Moral of the story? Be careful where you download your apps, and pay attention to what they’re asking. Wandera says concerned users should disallow third-party downloads, avoid rooting your device, and check which permissions apps request, and use a security solution that can monitor and block C&C traffic at the device level.

Source: – New Android malware can steal data, record audio, and send SMS messages to premium services
Published: February 28, 2018