A new Android malware family has recently been discovered. Dubbed “RedDrop”, it appears to be one of the most sophisticated pieces of Android malware seen so far. RedDrop was found in 53 Android apps, and installing any of them exposes the user to privacy problems: the malware is designed to steal the user’s personal information and money.
Wandera, the security firm that discovered the malware, caught it spreading through malicious ads on the Chinese search engine Baidu. Once a user clicks one of the infected ads, they are taken to the site huxiawang[.]cn, which triggers redirects to one of the roughly 4,000 domains used to distribute the 53 apps infected with RedDrop.
Once the malware is installed on the Android device, it installs various spying components so it can steal the user’s personal information, which is then sent to remote Dropbox and Google Drive folders belonging to the criminals behind RedDrop. The information gathered can then be used for further criminal activity.
At the onset of its attack, RedDrop connects to its command and control (C&C) server and downloads additional malicious APK files, each with a different function. The malware’s most notable activities are spying and SMS fraud. According to the analysis by security researchers, RedDrop sends an SMS message to a premium-rate service each time the user launches the infected app and touches the screen. To cover its tracks, the malware deletes the messages it sent. This is why it is hard for a user to tell they are infected until it is too late and a huge bill arrives at the end of the month.
If you think being charged for premium services is the worst thing this malware can do, you are wrong. The real aim of RedDrop is to steal a wide range of personal information from the device: the user’s pictures, contacts, live recordings of the surroundings, device and SIM information, Wi-Fi information, and application data. Clearly, this Android malware is a serious threat to your privacy. At the time of writing it is still not known how and when the criminals will use the information obtained from infected Android devices, although identity theft is an obvious possibility. Fortunately, the 53 malicious Android apps were taken down right away.
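The capabilities described above (premium SMS, deleting its own messages, recording audio, harvesting contacts, device and SIM data, Wi-Fi information, and pulling further APKs from a C&C server) map to a recognisable cluster of Android permissions. The following triage script is an added example, not code from the article or from Wandera; it assumes text captured with `adb shell dumpsys package <pkg>` and flags an app whose granted permissions match that cluster. The sample input is constructed, not output from an infected device.

```python
"""Flag Android apps whose granted permissions match the RedDrop capability cluster."""
import re

# Permissions matching the behaviour described in the article (assumed mapping).
SUSPICIOUS = {
    "android.permission.SEND_SMS": "premium-rate SMS fraud",
    "android.permission.READ_SMS": "read/delete sent SMS",
    "android.permission.RECORD_AUDIO": "record surroundings",
    "android.permission.READ_CONTACTS": "exfiltrate contacts",
    "android.permission.READ_PHONE_STATE": "device and SIM identifiers",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi information",
    "android.permission.REQUEST_INSTALL_PACKAGES": "side-load downloaded APKs",
}
# dumpsys prints one "<permission>: granted=<bool>[, flags=...]" line per permission.
PERM_RE = re.compile(r"(android\.permission\.[A-Z_]+): granted=true")


def granted_permissions(dumpsys_text):
    """Return the set of granted android.permission.* names found in dumpsys output."""
    return set(PERM_RE.findall(dumpsys_text))


def triage(dumpsys_text, threshold=4):
    """Return (flagged, reasons): flagged is True when the app holds at least
    `threshold` permissions from the suspicious cluster; reasons explains each hit."""
    hits = granted_permissions(dumpsys_text) & set(SUSPICIOUS)
    reasons = sorted(SUSPICIOUS[p] for p in hits)
    return len(hits) >= threshold, reasons


# Constructed sample: a wallpaper-style app holding far more than it needs.
SAMPLE = """\
Package [com.example.wallpaper] (hypothetical package name):
  install permissions:
    android.permission.INTERNET: granted=true
    android.permission.SEND_SMS: granted=true
    android.permission.READ_SMS: granted=true
    android.permission.RECORD_AUDIO: granted=true
    android.permission.READ_CONTACTS: granted=true
    android.permission.READ_PHONE_STATE: granted=true
    android.permission.ACCESS_WIFI_STATE: granted=false
"""

if __name__ == "__main__":
    flagged, why = triage(SAMPLE)
    print("flagged" if flagged else "clean", why)
```

A wallpaper app legitimately needs none of these permissions, so a match like the sample is worth uninstalling and checking the phone bill; a messaging app would naturally hold SEND_SMS and READ_SMS, so the threshold rather than any single permission is what matters.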
Incidents like this should remind users to install apps only from legitimate app stores and not from third-party ones, which are often suspicious. Thankfully, the RedDrop malware did not make it into the Google Play Store.
The malicious apps were available on more than 4,000 third-party domains. This distribution method shows why it is important to download apps from the official stores. Third-party app stores and unknown or suspicious download sources are commonly used to distribute Android malware, so be careful when downloading apps unless they come from a legitimate store, or better yet, avoid installing apps from unknown sources altogether. Keep in mind, though, that legitimate stores such as the Google Play Store occasionally face the same problem, so stay cautious even with official app stores and check an app’s reviews before installing it.