RedDrop has been named one of the most sophisticated pieces of Android malware
We’re used to hearing about new types of bad Android malware, but a newly exposed strain may be one of the most aggressive ever found. Not only can RedDrop steal a device’s photos, contacts, files, and other data, it's also able to record live audio and rack up huge phone bills for the victim.
UK-based mobile security and data management firm Wandera uncovered RedDrop on the phones of employees at several global consultancy firms. It's described as "one of the most sophisticated pieces of Android malware".
"Wandera's machine learning findings initially exposed the RedDrop apps when a user clicked on an ad showing on popular Chinese search engine Baidu. The user was then taken to huxiawang.cn, the major distribution site for the attack," wrote investigators.
The landing pages that follow have content that tries to encourage visitors to download one of the 53 malicious apps from within the RedDrop family. The malware’s makers use a content distribution network of over 4000 domains to distribute the applications, which are disguised as calculators, image editors, language learning aids, games, and adult content.
"We believe the group established this complex CDN [content distribution network] to obscure where the malware was served from, making it harder for security teams to spot the source of the threat," added the researchers.
The RedDrop apps contain embedded malicious files, which are arranged so that they are able to enable the malicious functionality. Once installed, the malware downloads extra payloads such as APKs and JAR files from various C&C servers and stores them dynamically in the device's memory.
Each of the infected apps needs users to interact with their device. One of them, called “Cute Actress,” asks players to rub the screen to reveal a seductively dressed woman; however, each time the display is rubbed, the user is unknowingly sending an SMS message to a premium-rate service. The malware even deletes all record of the messages being sent.
RedDrop can also harvest data such as local files (photos, contacts, etc.), SIM info, app and Wi-Fi info, and device details. It can also grab live audio recordings of the local surroundings through a device’s microphone. The data is then sent back to the attackers’ Dropbox or Drive folders to use for extortion purposes or to launch further attacks.
"Not only does the attacker use a wide range of functioning malicious applications to entice the victim, they've also perfected every tiny detail to ensure their actions are difficult to trace," the researchers said. "The group that built this malware has calculated it exceptionally well."
Wandera recommends disallowing third-party downloads, avoiding rooting your device, checking which permissions apps request, and using a security solution that can monitor and block C&C traffic at the device level.
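One way to carry out the permission check recommended above, as an added example that is not from Wandera or the original article: it reads a decoded, text-form AndroidManifest.xml and reports which of the behaviours described here the app's requested permissions would allow. The behaviour-to-permission mapping, the threshold of three, and both sample manifests are assumptions constructed for illustration, not RedDrop's actual permission list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from Wandera's report): standard Android permissions
# that the behaviours described in the article would require.
BEHAVIOUR_PERMS = {
    "premium SMS sending": {"android.permission.SEND_SMS"},
    "SMS record access": {"android.permission.READ_SMS", "android.permission.WRITE_SMS"},
    "live audio recording": {"android.permission.RECORD_AUDIO"},
    "contact harvesting": {"android.permission.READ_CONTACTS"},
    "local file harvesting": {"android.permission.READ_EXTERNAL_STORAGE"},
    "SIM/device info": {"android.permission.READ_PHONE_STATE"},
    "Wi-Fi info": {"android.permission.ACCESS_WIFI_STATE"},
}

def requested_permissions(root):
    """Collect every permission name declared in the manifest."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def review(manifest_xml, threshold=3):
    """Flag an app whose permissions cover `threshold` or more behaviours."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    hits = sorted(b for b, needed in BEHAVIOUR_PERMS.items() if perms & needed)
    return {"package": root.get("package"), "behaviours": hits,
            "flag": len(hits) >= threshold}

# Constructed sample manifests (hypothetical package names).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
_PERM = '<uses-permission android:name="android.permission.%s"/>'

def build(package, names):
    return _HEAD % package + "".join(_PERM % n for n in names) + "</manifest>"

SAMPLE_CALCULATOR = build("com.example.calc",
                          ["SEND_SMS", "RECORD_AUDIO", "READ_CONTACTS", "INTERNET"])
SAMPLE_RECORDER = build("com.example.recorder",
                        ["RECORD_AUDIO", "READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (SAMPLE_CALCULATOR, SAMPLE_RECORDER):
        print(review(sample))
```

A calculator that asks for SMS, microphone and contacts access is flagged, while a voice recorder asking only for the microphone and storage is not; a flag is a prompt to look closer, not a verdict.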