Cybersecurity researchers have discovered a new Android malware that not only steals your personal data but records your calls.
Called RedDrop, the malware was found in 53 apps from third-party stores that included calculators, image editors, language teaching and even space exploration apps.
Researchers at mobile security firm Wandera found that all the infected apps requested invasive permissions, in particular one permission that allows the malware to remain embedded even after reboots.
Once an unsuspecting victim starts using the infected phone, RedDrop downloads more malicious Android Package Kits (APKs), including spyware, Trojan and data exfiltration functionality.
RedDrop then starts sending SMS text messages to a premium service in order to steal the victim’s money, all the while operating undetected.
Among the data stolen were photos, contact lists, IMEI and IMSI numbers, SIM card information and nearby WiFi networks.
The app is also able to make live recordings of a phone owner’s surroundings.
“When all functionality is combined, RedDrop aims to extract valuable and damaging data from the victim. As soon as the information is collected, it is transmitted back to the attacker’s personal Dropbox or Drive folders to be used in their extortion schemes and as the foundation to launch further attacks.” - Neil Campbell: Cybersecurity Researcher, Wandera Ltd
First spotted in China enticing victims into visiting a network hosting adult content sites, RedDrop is one of the most sophisticated Android malware discoveries to date.
It is still unknown who the authors are behind it.
But, as Wandera noted, whoever built this malware had planned it exceedingly well.
“This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the most persistent Android malware variants we’ve seen.” - Dr Michael Covington: VP of Product Strategy, Wandera Ltd
What to do now
Sadly, dealing with malware-infected apps is just a part of modern life, but there are a number of things we can do to minimise their impact.
Firstly, never buy apps from third-party stores. While malicious apps are found on Google Play Store and Apple’s App Store, they still remain the safest places to purchase apps.
You can also go into your phone’s Settings and block the installation of apps from unknown sources. Go to Settings > Security and check that the slider is not set to Allow.
Always check through the permissions apps ask for. If anything seems wrong or unusual, it probably is.
And always keep your anti-virus software up-to-date and perhaps think about a security solution that can monitor and block Command & Control traffic.
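The permission check advised above can be partly automated. The following is an added example, not code from Wandera or from the original article: it reads the text produced by `aapt dump permissions` for an APK and reports which of the behaviours described in this article the requested permissions would allow. The mapping from behaviour to permission, the review heuristic and the sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed mapping (not from the article): behaviours the article describes,
# paired with the standard Android permission that enables each one.
BEHAVIOUR_PERMISSIONS = {
    "survives reboot": "RECEIVE_BOOT_COMPLETED",
    "sends SMS (premium-rate fraud)": "SEND_SMS",
    "records calls or surroundings": "RECORD_AUDIO",
    "reads contact list": "READ_CONTACTS",
    "reads IMEI/IMSI/SIM details": "READ_PHONE_STATE",
    "lists nearby WiFi networks": "ACCESS_WIFI_STATE",
    "reads photos and files": "READ_EXTERNAL_STORAGE",
}
PERMISSION_RE = re.compile(r"android\.permission\.([A-Z_]+)")


def requested_permissions(dump: str) -> set[str]:
    """Extract permission names from `aapt dump permissions`-style text."""
    return set(PERMISSION_RE.findall(dump))


def audit(dump: str) -> dict:
    """Report which of the article's behaviours the app could perform."""
    perms = requested_permissions(dump)
    enabled = [b for b, p in BEHAVIOUR_PERMISSIONS.items() if p in perms]
    # Assumed heuristic: boot persistence plus SMS or microphone access is
    # far more than a calculator or image editor needs, so flag for review.
    risky = "RECEIVE_BOOT_COMPLETED" in perms and bool(
        perms & {"SEND_SMS", "RECORD_AUDIO"})
    return {"behaviours": enabled, "needs_review": risky}


# Constructed sample dumps (not taken from any real app).
CALCULATOR_DUMP = """package: com.example.calculator
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
"""
NOTES_DUMP = """package: com.example.notes
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    for name, dump in (("calculator", CALCULATOR_DUMP), ("notes", NOTES_DUMP)):
        print(name, audit(dump))
```

A flagged app is not proof of infection; it means the permissions do not match what the app claims to do and deserve a closer look before installing.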