RedDrop Android Malware Steals Data from Users

RedDrop, a new Android malware, steals sensitive data and inflicts financial cost on the users of infected devices. First uncovered by the security company Wandera, the mobile malware was found in 53 third-party apps, such as image editors and calculators, that appear legitimate but request excessive permissions when downloaded. After one of the affected apps is opened, a connection is made to a command-and-control server and the malware downloads at least seven APKs (application packages) that facilitate additional malicious actions. The APKs enable spyware-like functions, harvesting data collected from device audio, phone calls, photos, contacts, and files. The perpetrator behind the malware attack uses the harvested information to extort or blackmail the victim. Additionally, the malware carries out SMS fraud by secretly sending an SMS message to a premium service every time the affected user interacts with one of the malicious apps. The NJCCIC recommends users and administrators review the Wandera report on the RedDrop malware. Users are advised to monitor mobile phone bills for suspicious and fraudulent charges generated by the SMS service and report them to your mobile carrier immediately. Additionally, we recommend running a reputable antivirus application on all devices, avoid downloading apps that require excessive device permissions, and refrain from downloading any apps from third-party, unofficial app stores.