Researchers Identify 'RedDrop' Android Blackmailing Malware

Researchers at Wandera have discovered a new Android malware that is now being dubbed “RedDrop.” While there are plenty of malware versions out there a good portion of them look to extort money from the victim. These are usually referred to as ransomware due to their nature of holding content belonging to the user for ‘ransom.’ Most typically, by blocking the victim’s access to the content. However, RedDrop is a little different in this respect, as not only does it not block access for the victim, but there is a good chance the user will remain unaware of the malware - until a blackmail ransom is requested.

This is due to RedDrop's priority of amassing the victim’s data, not locking it. As the researchers state RedDrop is primarily concerned with copying all of the data and information it can from an infected device to a Dropbox or Google Drive folder accessible by the attacker(s). The malware is also said to specifically be interested in identifying and copying sensitive data with a view to allowing the attackers to blackmail the user at a later time. While copying of personal information, photos, videos, and so on, seems to be the primary goal of the malware, it also has the ability to effectively create new and usable material, as it can for example, activate the device’s microphone and record what it hears. Likewise, as a side revenue stream the malware also interprets every click by the user within one of the culprit apps as a command to send an SMS message to a premium-rate number. Also while instantly deleting the bread crumbs related to the action at the same time.

This is all made possible by the mechanics of the malware. As once a target app has been downloaded by the user (which Wandera currently states exceeds fifty different apps), the app has the ability to deploy additional apps by downloading them. These then have the further ability to run in the background and work in harmony to carry out the fundamentals of the attack. As is usually the case with malware, there are varying levels to how susceptible an individual and their device is to RedDrop. For example, the researchers note that as the app involves trying to escalate permissions, devices running on Android 8.0 (Oreo) are less prone to the effects - due to Oreo’s ability to notify device owners of a change in permissions. Although Oreo aside the researchers explain the single biggest proactive protective measure device owners can take is disabling the device's ability to install third-party apps. Therefore, while Wandera is positioning this as “one of the most sophisticated pieces of Android malware that we have seen in broad distribution” it also does seem to be one that is easily protected against through basic safeguards: disabling third-party app installation, running the most up to date version of Android, and monitoring new permission requests.

You May Like These
More Like This:
About the Author
2014/05/John.jpg

John Anon

Editor-in-Chief
John has been writing about and reviewing tech products since 2014 after making the transition from writing about and reviewing airlines. With a background in Psychology, John has a particular interest in the science and future of the industry. Besides adopting the Managing Editor role at AH John also covers much of the news surrounding audio and visual tech, including cord-cutting, the state of Pay-TV, and Android TV. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now