RedDrop is malware capable of spying on its victims. It can collect data about a victim’s device, including data from the device’s memory card and contacts list, and discreetly make the device buy paid-for subscriptions, which can expose users to financial loss. There are hundreds of unique RedDrop detections across the world, mostly from Chinese users. The malware is spreading via 3rd party platforms that disguise the software as adult applications.
This new mobile malware targets Android devices and can steal data and other sensitive information such as photos, contacts and recordings.
According to reports, RedDrop is embedded in 53 Android applications hosted on 3rd party stores. The applications carrying RedDrop belong to the Editors, Calculators, and Learning app categories.
Security firm Wandera in an interview said “RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution. Not only does the attacker utilize a wide range of functioning malicious applications to entice the victim, they’ve also perfected every tiny detail to ensure their actions are difficult to trace.”
How RedDrop is Being Spread Across the Globe?
Baidu, the most popular Chinese search engine, is promoting these applications through ads. As soon as a user clicks on the ad, it redirects them to a new page. This page is the primary distribution site from which the malware is being spread.
After the user installs one of these infected apps from Baidu, it automatically installs more APKs of the same application on the user’s device, containing malware and spyware.
Once the user opens the app, it sends SMS messages to a premium-rate service from the Android device. The malware can also access details such as phone contacts, photos, personal details like bank information, and audio recordings.
Where was it First Reported?
This malware was first observed by Wandera at a ‘Big Four’ accounting firm (the Big Four being a group of four organizations). According to the investigation, unusual network traffic was detected on the Android devices of employees working in these organizations. Eventually, Wandera found that an APK file was attached to the domains used by the Big Four, from which the employees’ information and details were leaked.
RedDrop is hosted on over 4000 domains so far, all controlled by a single group that might be operating out of China. Asia is the region most affected by RedDrop.
Preventions that Should be Taken
Users of 3rd party stores are advised not to click on the ads, let alone download the apps. As a precaution, all Android users should use legitimate and authentic app stores to download and install apps.
Android users should update their software to the latest version of Android, which is Android Oreo. RedDrop malware can easily sidestep earlier versions of Android.
Android Oreo has a feature that makes it easier to detect and block apps that come from 3rd party stores or are harmful to your device.