RedDrop is an Android spyware discovered by security researchers at Wandera. It was found in over 50 different third-party apps, such as image editors and calculators, which appear legitimate but request excessive permissions once installed. The malware uses over 4,000 domains to distribute the applications that deliver it, which makes detection and attribution of the source difficult. When a victim downloads and installs one of these apps, more than 7 APKs (application packages) are downloaded silently in the background from the threat actor's C2 server, without the user's knowledge or consent. These APKs enable spyware-like functions, harvesting data from device audio, phone calls, photos, contacts, and files, as well as device-related information such as the IMEI, SIM details, application data, and nearby Wi-Fi networks. The perpetrator behind the malware uses the harvested information to extort or blackmail the victim. Additionally, the malware carries out SMS fraud by secretly sending an SMS message to a premium service every time the affected user interacts with one of the malicious apps, inflicting financial costs on the victim.
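The "excessive permissions" signal described above can be triaged mechanically before an app reaches users. The following is an added example (not code from Wandera, NJCCIC, or the malware itself) that parses a decoded AndroidManifest.xml and flags a utility app that requests several permissions matching the capabilities attributed to RedDrop; it assumes the manifest has already been decoded from the APK's binary XML (for example with apktool), and the sample manifest and the threshold of 3 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that map onto the capabilities described for RedDrop.
# Any one is legitimate in the right app; a calculator or image editor
# asking for several of them at once is the signal worth triaging.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "audio capture",
    "android.permission.READ_CALL_LOG": "call data",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.READ_PHONE_STATE": "IMEI/SIM info",
    "android.permission.ACCESS_WIFI_STATE": "nearby Wi-Fi",
    "android.permission.SEND_SMS": "premium SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "silent APK install",
}

def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }

def triage(manifest_xml: str, threshold: int = 3) -> dict:
    """Flag a manifest whose count of sensitive permissions reaches the threshold."""
    perms = requested_permissions(manifest_xml)
    hits = {p: SENSITIVE[p] for p in sorted(perms & SENSITIVE.keys())}
    return {"hits": hits, "suspicious": len(hits) >= threshold}

# Constructed sample: a "calculator" asking for far more than arithmetic needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The threshold is a triage heuristic, not a verdict: a flagged app still needs review of what the requested permissions are used for.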

Technical Details

  • Wandera provides more details on the RedDrop Android malware here.