Researchers at Wandera UK have put considerable effort into studying a new family of Android malware called RedDrop. RedDrop is capable of recording nearby audio and storing those recordings on cloud storage services. RedDrop was first found on the mobile phones of some Chinese employees, and it was intended to target Chinese users.
The researchers also found more than 50 apps that steal personal data from phones infected with RedDrop. These apps force the phone to send messages, without the user's consent, to fraudulent services that charge for them. The apps pose as image editors, calculators, or even recreational apps. The worst part of this malware is that most users have a hard time detecting it, which makes it stealthy enough to capture a great deal of personal information.
Attackers use Baidu, the well-known Chinese search engine, to display fake ads to users; anyone who clicks on one of these ads is automatically redirected to huxiawang.cn, the attackers' main domain. This domain lets users download many infected apps that can leak their personal data. Unfortunately, the Google Play Store is not used in China, so Chinese users rely on this method to download apps.
As usual, once these apps are on your phone, they start prompting you with permission requests that open the door to many attacks. After you download just one infected app, your phone automatically installs more apps, each with a specific role in the attack. Removing these apps eventually becomes a very hard task, since they are stored in the phone's dynamic memory.
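As an added illustration of the permission-based risk described above (example code written for this article, not Wandera's tooling), the following Python script parses AndroidManifest.xml files and flags the combination of audio-recording, SMS-sending, network and package-installation permissions that a calculator or image editor has no reason to hold. The permission names are the standard Android ones; the two manifests embedded in the script are constructed samples, and the capability labels and verdict thresholds are this example's own assumptions.

```python
"""Flag Android manifests whose permission set matches the profile the
article attributes to RedDrop: audio capture plus SMS sending plus network
upload, optionally with the ability to install further packages.

Added example for this article (not Wandera's code). The sample manifests
below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree key for android:name

# Capabilities described in the article, mapped to the standard Android
# permissions that grant them. (Capability labels are this example's own.)
CAPABILITY_PERMISSIONS = {
    "record_audio": {"android.permission.RECORD_AUDIO"},
    "send_sms": {"android.permission.SEND_SMS"},
    "network_upload": {"android.permission.INTERNET"},
    "install_more_apps": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

# Combinations that together warrant review. A single capability (e.g. a
# voice-recorder app holding RECORD_AUDIO) is not suspicious on its own.
SUSPICIOUS_COMBOS = [
    ("covert audio exfiltration", frozenset({"record_audio", "network_upload"})),
    ("SMS fraud with remote control", frozenset({"send_sms", "network_upload"})),
    ("dropper behaviour", frozenset({"install_more_apps", "network_upload"})),
]


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}


def capabilities(perms: set) -> set:
    """Translate raw permission names into the coarse capabilities above."""
    return {cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed}


def assess(manifest_xml: str) -> dict:
    """Report capabilities, which suspicious combinations fire, and a verdict.

    Thresholds are an assumption for this example: two or more combos is
    'high', one is 'medium', none is 'low'.
    """
    perms = declared_permissions(manifest_xml)
    caps = capabilities(perms)
    fired = [label for label, combo in SUSPICIOUS_COMBOS if combo <= caps]
    verdict = "high" if len(fired) >= 2 else "medium" if fired else "low"
    return {
        "permissions": sorted(perms),
        "capabilities": sorted(caps),
        "triggered": fired,
        "verdict": verdict,
    }


# Constructed sample: an "image editor" asking for far more than it needs.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeimageeditor">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Image Editor"/>
</manifest>
"""

# Constructed sample: a calculator that only talks to the network (for ads).
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Calculator"/>
</manifest>
"""

if __name__ == "__main__":
    for name, xml in (("image editor", SUSPICIOUS_MANIFEST),
                      ("calculator", BENIGN_MANIFEST)):
        result = assess(xml)
        print(f"{name}: verdict={result['verdict']} triggered={result['triggered']}")
```

Run it against a manifest extracted from an APK (for example with apktool) to get a quick triage verdict; the point is not that any one permission is malicious, but that the combination of microphone, SMS, network and self-installation capabilities in a utility app is the pattern worth escalating.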
In response to this hard-to-stop attack, Wandera's researchers produced a report describing how to deal with the malware. They found that RedDrop has more than 4,000 domains at its disposal, which makes it a very powerful spying tool. One possible outcome of this malware is the blackmail of innocent people. Underlining the seriousness of the matter, Dr. Michael Covington, VP of Product Strategy at Wandera, issued the following statement:
“This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the more persistent malware variants we’ve seen.”