RedDrop malware targeting Android devices

Original Issue Date:- March 16, 2018
Virus Type:- Spyware/Trojan (Android)
Severity:- High

A new Android malware family called “RedDrop” has been reported. It is distributed through at least 53 apps, including image editors, calculators, adult-themed apps and various educational and practical tools, promoted on third-party app stores.

RedDrop is capable of stealing all locally saved files, recording live audio of the device's surroundings, and harvesting application data and SIM data.

The stolen data is exfiltrated to attacker-controlled remote storage, where it could be used to launch further attacks against the victim.

Users are directed via advertisements to one of more than 4,000 websites registered to a single group, which are used to distribute the RedDrop apps. These websites carry a variety of content designed to entice the user into downloading one of the 53 applications.

Once the malicious app is installed on the device, it downloads at least seven additional APK files, each carrying its own malicious functionality. These are stored on the device and loaded on demand, giving the attacker the option of executing them without embedding all the malicious functionality in the main app; this keeps the initially installed app small and makes its real purpose harder to spot in static analysis.

RedDrop mainly threatens users who download applications from unauthorised third-party app stores.

Countermeasures:

  • Do not download and install applications from untrusted sources (offered via unknown websites or links in unsolicited messages). Install only applications downloaded from reputed application markets.
  • Prior to downloading or installing apps on Android devices (even from the Google Play Store), always review the app details, number of downloads, user reviews, comments and the "ADDITIONAL INFORMATION" section (developer, last update and requested permissions).
  • Verify app permissions and grant only those that make sense for the app's stated purpose; a calculator or image editor has no need to record audio or read SIM data.
  • In Settings, do not enable installation of apps from "Unknown Sources" (on Android 8.0 and later this is a per-app "Install unknown apps" permission; leave it disabled for browsers and messaging apps).
  • Exercise caution when clicking links, whether on trusted or untrusted sites.
  • Do not download or open attachments in emails received from untrusted sources, or received unexpectedly from trusted users.
  • Install and maintain an updated antivirus solution on Android devices. Scan a suspected device with an antivirus solution to detect and clean infections.
  • Refer to the security best practices for mobile phone users: Visit http://www.cyberswachhtakendra.gov.in/documents/Mobile_phone_Security.pdf
  • Install Android updates and patches as soon as they are made available by the device vendor.
  • Enable two-factor authentication for your Google and other accounts.
  • Use the device encryption and external SD card encryption features available in most versions of Android.
  • Avoid using unsecured or unknown Wi-Fi networks. Rogue Wi-Fi access points at public places may be used to distribute malicious applications.
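As an added example (not part of the original advisory), the following POSIX shell script shows how an administrator or incident responder can triage an Android device for side-loaded packages, which is the installation path both the 53 RedDrop carrier apps and the additional APKs they download depend on. It parses the output of "adb shell pm list packages -i -3" (third-party packages with the package that installed them) and "adb shell pm path". The sample output embedded in the script is constructed, not captured from a real infection, and the function, variable and package names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original advisory or from the malware
# analysis it summarises. Triage a device for side-loaded apps of the kind
# RedDrop relies on. Everything is parsed from `adb shell pm ...` output, so
# it runs offline against the constructed sample below and against a live
# device when adb is available.

# Constructed sample of `adb shell pm list packages -i -3` output
# (third-party packages plus the package that installed them).
# These package names are made up for the demonstration.
SAMPLE_PM_OUTPUT='package:com.example.photoeditor  installer=null
package:com.whatsapp  installer=com.android.vending
package:com.example.calc  installer=com.android.packageinstaller
package:org.mozilla.firefox  installer=com.android.vending'

# Print every third-party package whose installer is not the Play Store
# (com.android.vending). "installer=null" or the stock package installer
# means the APK was side-loaded from a browser, file manager or another app,
# which is how a RedDrop carrier app and its downloaded APKs arrive.
# Output format: "<package> (installer=<installer>)", one per line.
flag_sideloaded() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (inst != "com.android.vending") print pkg " (installer=" inst ")"
        }'
}

# Turn `adb shell pm path <pkg>` output ("package:/data/app/.../base.apk")
# into plain on-device paths, so the APKs can be pulled with `adb pull`
# and hashed or scanned off-device.
apk_paths() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p'
}

# Live run against a connected device (requires adb and USB debugging).
# Not invoked here; call audit_device to use it.
audit_device() {
    flag_sideloaded "$(adb shell pm list packages -i -3)" | while read -r pkg rest; do
        echo "side-loaded: $pkg $rest"
        for p in $(apk_paths "$(adb shell pm path "$pkg")"); do
            echo "  apk: $p"
        done
    done
}

# Offline demonstration on the constructed sample: two packages are flagged.
flag_sideloaded "$SAMPLE_PM_OUTPUT"
```

Anything flagged here was not installed through the Play Store and is worth pulling and hashing before it is submitted to a scanner. On a device where "Unknown Sources" has stayed disabled, the flagged list should normally be empty.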

References: