RedDrop malware: After so many years of blogging, we can proudly say that we have never used words like "Caution" in a title unless there was a good reason. The recently discovered RedDrop malware for Android is a very serious reason.
The malware works "underground": it steals sensitive data from infected devices (including recorded phone calls) and stores it in cloud storage accounts.
But it does not only do that…
RedDrop works like eavesdropping spyware, collecting information from the device as well as audio recordings of the victim's surroundings, along with, of course, all the data stored on the device: photos, contacts, notes, saved Wi-Fi networks and nearby hotspots.
Researchers from the security company Wandera, who uncovered it, describe it as "one of the most advanced" pieces of malware for Android. When RedDrop is installed, nobody realizes their device is infected until the first bill arrives…
In addition to all the spyware activities mentioned above, the malware secretly sends SMS messages to a paid service that charges the victim. The security company reports that the malicious software is so clever that, immediately after sending an SMS, it takes care to delete all evidence of the messages it has sent.
In total, 53 applications used to distribute the malware have been discovered.
The apps that distribute RedDrop include Space Game Free, Video Blocker, Cosmos FM, Plus Italy, Paint It Hot Tone and Ninja Slice. None of these apps come from the official Google Play Store; they are found in third-party stores.
To steer users to the malware, the researchers found, the scammers use a complex network of over 3,000 linked domains, built to bypass detection techniques and increase the chances of the malware installing successfully on a device.
The initial download is simply a dropper which, once opened and run, connects to a command and control (C&C) server to download additional files.
Once installed, the spyware starts collecting the data mentioned above and saves it to Dropbox or Google Drive. At the same time it begins sending SMS messages.
The combination of these actions is extremely damaging, both to the victim's privacy and to their finances.
At this time it is not known exactly what the goals of the team behind RedDrop are (beyond the obvious financial gain), but their interest in stealing data and audio recordings from infected devices suggests an interest in espionage. It also appears that the group has enough manpower to develop many applications while also maintaining advanced malicious software.