RedDrop malware: After so many years of blogging we can be proud that we have never used terms like "Caution" in titles unless there is a good reason. The recently discovered RedDrop malware for Android is a very serious reason.
Malware works "underground" steals sensitive data from infected devices (including recorded phone calls) and stores them in Cloud storage accounts.
But it does not only do that…
RedDrop acts as a spyware spyware, collecting information from the device, as well as recording from the victim's environment, of course with all the data included in the device: photos, contacts, notes, stored Wi-Fi networks and nearby hotspots.
Researchers from the security company Wandera, who revealed it, refer to it as "one of the most advanced malware for Android". When RedDrop is installed no one realizes that their device is infected until they get the first bill…
The malware secretly sends SMS messages to a service that charges for them, in addition to all the spyware activities we mentioned above. The security firm reports that the malware is so smart, that immediately after the Mission of an SMS is careful to hide all evidence of the messages that have been sent.
In total, 53 applications used to distribute malware have been discovered.
RedDrop distributes these games: Space Game Free, Video Blocker, Cosmos FM, Plus Italy, Paint It Hot Tone and Ninja Slice. None of these apps comes from the official Google Play Store, but from Third Party Stores.
However, to direct the user to the malware the researchers found that the scammers use a complex network which contains over 3.000 domains linked together in an attempt to bypass and prevent detection techniques to increase the chances of the malware being successfully installed on a device.
The initial download is simply a dropper, which when opened and run, will connect to a command and control (C&C) server to download additional files.
When the spyware is installed it starts collecting the data we mentioned above and saves it to Dropbox or Google Drive. At the same time it starts to uses and sending SMS.
The combination of these actions is extremely destructive, both for the victim's privacy and for his financial situation.
Currently, it is not known exactly what the RedDrop team is (except for obvious financial gain), but their interest in data theft and sound recordings from infected devices indicates interest in espionage. As the team seems to have enough human resources that is capable of deploying too many applications, it also maintains sophisticated malware.
