The train wreck that is Android security continues…
A new strain of malware by security firm Wandera found in China has the following charming characteristics, according to a recent blog post.
Zero-day threat previously unknown within the mobile security community
Group of at least 50 functioning apps containing the sophisticated RedDrop malware
Apps are distributed from a complex network of 4,000+ domains registered to the same underground group
Once the app is opened, at least seven further APKs are silently downloaded, unlocking new malicious functionality
When the user interacts with the app, each interaction secretly triggers the sending of an SMS to a premium service, which is then instantly deleted before it can be detected
These additional APKs include spyware-like components, harvesting sensitive data, including passively recording the device’s audio, photos, contacts, files and more
RedDrop then exfiltrates this data, uploading it straight into remote file storage systems for use in extortion and blackmailing purposes
This is frightening stuff as it turns the victim’s phone into a bug, compromising phone calls made on the device as well as conversations in the vicinity.
As usual, the key problem here is that the app follows the rules and asks the user to approve a (long) list of permissions which are then used to compromise the device. Many users don’t bother to read/think about these permission prompts, leading them to basically invite the malware authors to take over their device.
Security pros need to make their users aware of the need to read and think about security prompts EXTRA carefully on their Android devices.