Droid KungFu, Plankton, and Geinimi are a few examples of mobile malware that have wreaked havoc in the past. However, a new piece of malware called RedDrop has now surfaced which can spy on users, delete critical files and also cause financial damage by automatically subscribing users to premium services without their knowledge.

Discovered by the security research team at Wandera, the malware is a zero-day threat which has been found to infect 53 apps that collect sensitive user data and transfer it to the cloud storage account of malicious parties. Private equity-backed Wandera works with businesses on enterprise-level mobile security and data management, and said the malware has infected apps such as calculators, image editors and educational apps to avoid suspicion.

The malware-ridden apps were distributed from a Chinese web page linked to a complex network of over 4000 domains, and employed ‘a complex series of network redirects’ to evade detection by security tools. Once a user downloads an infected app, multiple APKs are installed as a package without their knowledge, and these APKs perform a host of malicious tasks. “When the user interacts with the app, each interaction secretly triggers the sending of an SMS to a premium service, which is then instantly deleted before it can be detected,” reads Wandera’s post.

[Figure: Contents of RedDrop malware application package (APK). Image courtesy: Wandera]
The malware steals data such as locally saved files, live recordings of the user’s surroundings, IMEI and IMSI numbers, SIM card information and app data, which is then uploaded to a Google Drive or Dropbox account. The downloaded APKs also install a host of spyware tools and send the recorded information to the malicious parties, who can use it to blackmail users.

Another serious harm caused by the RedDrop malware is SMS fraud. As per Wandera’s report, every time users tap or slide on the screen in an infected app, they unknowingly send an SMS to a premium service, which incurs hefty charges. Moreover, the messages are deleted almost instantaneously, removing any trace.
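The behaviours described above (premium SMS, SMS deletion, recording surroundings, reading IMEI/IMSI, reading saved files, installing further APKs) each require an app to request specific Android permissions, so a decoded manifest is a cheap first triage signal for an app that claims to be a calculator or image editor. The script below is an added example written for this article, not code from Wandera or from the RedDrop analysis; the behaviour-to-permission mapping, the package names and the sample manifests are all constructed here for illustration, and the assumption is that the manifests are in decoded (apktool-style) XML form.

```python
"""Permission-based triage for decoded AndroidManifest.xml files.

Maps the behaviours attributed to RedDrop (premium SMS, SMS deletion,
recording surroundings, reading IMEI/IMSI, reading saved files, installing
further APKs) to the Android permissions an app must request to do them,
and flags apps whose requested permissions combine premium-SMS capability
with surveillance or self-installer capability. The mapping and the sample
manifests are constructed for this example, not taken from Wandera's analysis.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Capability buckets (assumed mapping from reported behaviour to permissions).
CAPABILITIES = {
    "premium_sms":  {"android.permission.SEND_SMS"},
    "sms_cleanup":  {"android.permission.WRITE_SMS", "android.permission.READ_SMS"},
    "surveillance": {"android.permission.RECORD_AUDIO",
                     "android.permission.READ_PHONE_STATE"},
    "file_access":  {"android.permission.READ_EXTERNAL_STORAGE"},
    "installer":    {"android.permission.REQUEST_INSTALL_PACKAGES"},
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def capability_profile(perms):
    """Return which capability buckets the permission set covers."""
    return {cap for cap, needed in CAPABILITIES.items() if perms & needed}


def is_suspicious(profile):
    # SEND_SMS on its own is normal for a messaging app; the signal is
    # premium-SMS capability paired with recording/identifier access or the
    # ability to install further packages, as the article describes RedDrop.
    return "premium_sms" in profile and bool(profile & {"surveillance", "installer"})


def triage(manifest_xml):
    """Return (package name, sorted capability list, suspicious flag)."""
    root = ET.fromstring(manifest_xml)
    profile = capability_profile(requested_permissions(manifest_xml))
    return root.get("package"), sorted(profile), is_suspicious(profile)


# Constructed sample manifests in decoded form (package names are made up).
def _manifest(package, perms):
    uses = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">\n'
            f'{uses}\n  <application/>\n</manifest>')


SAMPLE_MANIFESTS = {
    # Calculator-style utility that requests far more than it needs.
    "trojanized_calc": _manifest("com.example.calc.free", [
        "android.permission.INTERNET",
        "android.permission.SEND_SMS",
        "android.permission.WRITE_SMS",
        "android.permission.RECORD_AUDIO",
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.REQUEST_INSTALL_PACKAGES",
    ]),
    # A legitimate messaging app: SMS permissions without surveillance extras.
    "messaging_app": _manifest("com.example.messenger", [
        "android.permission.SEND_SMS",
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
    ]),
    # A benign calculator that only talks to the network.
    "plain_calc": _manifest("com.example.calc.plain", ["android.permission.INTERNET"]),
}


def triage_samples():
    """Run triage over all constructed samples; returns {label: (pkg, caps, flag)}."""
    return {label: triage(xml) for label, xml in SAMPLE_MANIFESTS.items()}


if __name__ == "__main__":
    for label, (pkg, caps, flag) in triage_samples().items():
        print(f"{label:16} {pkg:26} {'SUSPICIOUS' if flag else 'ok':10} {caps}")
```

The rule deliberately does not flag SEND_SMS by itself, since a messaging app legitimately requests it; what matters is the combination with recording, identifier or installer capability that a calculator has no business asking for. Permission review is only a first filter, and an app flagged this way still needs the network and storage behaviour the article describes confirmed by dynamic analysis.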

Wandera labeled RedDrop one of the most sophisticated and dangerous pieces of mobile malware, owing to its hybrid functionality and its ability to cause damage in multiple ways.