
Cyber Threat Defense

Cyber Security News


Android Malware RedDrop Created for Blackmail

March 2, 2018 By News Team Leave a Comment

RedDrop, a new family of mobile malware built for Android, is designed specifically for blackmail. Researchers at the U.K. security firm Wandera say that RedDrop targets users' personal data, from the apps they have installed to the nearest WiFi networks. It harvests contacts and photos and, most worryingly, can hijack the phone's microphone.

The threat was previously unknown to the mobile security community. It first came to light at several global consultancy firms when Wandera's machine intelligence engine (MI:RIAM) blocked the download of a suspicious-looking app. The company has since identified at least 50 functioning apps that contain the RedDrop malware.

Wandera said, “The 53 malware-ridden apps are exfiltrating sensitive data – including ambient audio recordings – and dumping it in the attackers’ Dropbox accounts to prepare for further attacks and extortion purposes”.

Once the app is installed, it silently downloads at least seven additional APKs that unlock the malicious functionality. These include spyware-like components that passively record the device's audio and collect its photos, contacts, files and more. Each interaction the user has with the app secretly triggers an SMS to a premium-rate service; the message is deleted immediately so the user does not notice it. RedDrop then exfiltrates the collected data, uploading it to remote file storage for later use in extortion or blackmail.
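The behaviour described above maps onto a recognisable set of Android permissions. As an added example that is not part of the original article or Wandera's research, the following static triage check parses an app's AndroidManifest.xml and flags a RedDrop-style combination (premium SMS, audio capture, contact or file access, network exfiltration, and side-loading further APKs). The capability mapping, thresholds and sample manifest are constructed for this example.

```python
# Added example (not from the article or Wandera): static triage of an Android
# manifest for the permission combination the article attributes to RedDrop.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical capability -> enabling permission mapping used by this example.
CAPABILITIES = {
    "premium_sms": {"android.permission.SEND_SMS"},
    "audio_capture": {"android.permission.RECORD_AUDIO"},
    "contact_theft": {"android.permission.READ_CONTACTS"},
    "file_access": {"android.permission.READ_EXTERNAL_STORAGE"},
    "network_exfil": {"android.permission.INTERNET"},
    "apk_dropper": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}


def declared_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> tags."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def reddrop_style_capabilities(manifest_xml):
    """Sorted list of capabilities the declared permissions would enable."""
    perms = declared_permissions(manifest_xml)
    return sorted(cap for cap, need in CAPABILITIES.items() if need & perms)


def is_suspicious(manifest_xml):
    """Flag exfiltration + premium SMS + at least one data-theft capability."""
    caps = set(reddrop_style_capabilities(manifest_xml))
    theft = {"audio_capture", "contact_theft", "file_access"}
    return {"network_exfil", "premium_sms"} <= caps and bool(theft & caps)


# Constructed sample: a "calculator" that declares far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

if __name__ == "__main__":
    print(reddrop_style_capabilities(SAMPLE_MANIFEST), is_suspicious(SAMPLE_MANIFEST))
```

A declared permission only shows what an app could do, so this check is a triage filter for sideloaded APKs, not proof of infection.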

The information pulled from the device is potentially damaging on both a personal and a professional level, particularly if the device is used for work.

“Once the threat actor is able to extract PII from the device, the victim is open to identity fraud, compromised credentials and other malicious activities that can arise from this device breach. The greatest threat from this malware is the potential to infiltrate a corporate network where IT assets are compromised and data can be exfiltrated. Many organizations have a BYOD policy which would be an ideal method of attack to create a devastating breach,” Andrew Speakmaster, founder and chief technology officer of SiO4, told SC Media.

The apps are disguised in many different guises, from image editors to calculators to space exploration tools.

“This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the more persistent malware variants we’ve seen,” said Dr. Michael Covington, VP of Product Strategy at Wandera.

All the infected Android apps Wandera has discovered come from third-party app stores based in China. Users who install apps only from Google Play face no known risk of infection by RedDrop at present. However, Wandera warned, "RedDrop is one of the most sophisticated pieces of Android malware that we have seen in broad distribution".
