Scam of the Week – Android gets hit with RedDrop

March 2, 2018 4:12 pm Roisin Mooney

A new Android threat that not only spied on devices but stole sensitive data and racked up huge phone bills was uncovered this week.

The malware, which was discovered by security researchers at Wandera, disguised 53 apps to appear as image editors, language learning apps and calculators.

“Each one is intricately built to provide entertaining or useful functionality – to act as a seemingly innocent guise for the malicious content stored within”.

Android ransomware is nothing new. A number of devices have had their share of attacks in the past, most notably the DoubleLocker scam last October, which was the first known Android ransomware that both encrypted the user’s files and locked the device by changing its PIN. You may also remember when a Smart TV was infected by Android ransomware on Christmas Day.

One of the RedDrop apps were uncovered by Wandera’s machine learning detectors, when a user clicked on an ad that was displayed on the popular Chinese search engine Baidu. This ad then led the user to huxiawang.cn – the main distribution site for the attack.

These apps, which Mandera refer to as part of the ‘RedDrop family’, request invasive permissions, which once granted, enabled the attacks to take place, without further interaction form the user.

The infected-apps were then able to gather sensitive information from the user including photos, contacts, notes and information about saved WiFi networks and nearby hotspots, all whilst live recording its surroundings, including access to the device’s microphone, meaning it could hear conversations that took place. Further to its spying and data collection, in one sample, each time the screen of the infected device was touched, an SMS message was sent to a premium service, incurring substantial charges. Even worse, the messages were automatically deleted, meaning the user was not aware of such activity.

The researchers have described RedDrop as “one of the most sophisticated pieces of Android malware that we have seen in broad distribution.”

How to keep your device safe:

Be careful when downloading apps. In this case, these apps were downloaded from third-party stores and not the official Google Play Store, so make sure the app store is reputable and safe, whether its Google Play or Apple’s App Store.

Do you have any apps already installed from third-party app stores? Do you really need them? If not – delete them.

Check the permissions the apps are requesting – and ask yourself if the information required is needed? If in doubt, don’t provide the information, and forget about that app.