Posted on March 2, 2018 at 1:13 PM
The malware has already been found in 53 apps, including language-learning apps, calculators, and image editors.
The newest attack on our data has been discovered by security researchers: spyware built to surveil the people who install it. Wandera, a UK-based mobile security and data management firm, has named the spyware RedDrop after discovering it in 53 different mobile applications. The spyware is capable of stealing audio recordings and, in the process, hitting users where it really hurts: their phone bill.
Wandera cautions users in a blog post that the malware hides behind an “innocent guise for the malicious content stored within.” The mobile security company’s machine-learning detector discovered the malware in an unassuming link for the well-known search engine Baidu. From there, the unsuspecting victim was taken to huxiawang.cn, the site hosting the data-stealing attack. Once there, the user is inundated with downloadable apps that contain the malware. RedDrop uses nearly 4,000 domains to spread its malware.
Security teams have detected a “complex CDN [content distribution network]” that makes detection incredibly difficult and tracing the source of the threat almost impossible. Once the embedded files are downloaded, the app can continue to wreak havoc on your system with additional files, such as APKs and JARs, that get stored in the device’s memory. This lets the attacking software execute additional APKs without their being directly embedded in the original download.
Under the guise of simple, easy-to-use apps, RedDrop entices users to interact constantly with their phone. In one case, an SMS message was sent whenever a user playing “CuteActress” rubbed the screen repeatedly to reveal a sexy woman. While the user is charged for every SMS sent, the malware removes the text history, making the activity virtually undetectable to the player and not apparent until the next phone bill arrives.
Dr. Michael Covington, VP of Product Strategy at Wandera, states that “This is one of the more persistent malware variants we’ve seen.” The spyware’s toolset harvests both encrypted and unencrypted personal data, ranging from contacts to SIM information, photos, Wi-Fi networks, and live recordings of the phone’s surroundings. This information is stored in personal Google Drive or Dropbox folders for use in future attacks.
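The behaviours described above (premium SMS sending, SMS history tampering, audio capture, contact and device-identity harvesting, Wi-Fi reconnaissance, and loading extra APK/JAR payloads at runtime) each leave a footprint in an app's manifest and DEX strings. The following is an added example of a static triage check written for this article; it is not Wandera's detector or any code from the RedDrop samples. It assumes the manifest has already been decoded to XML (for example with apktool) and that class-name strings have been extracted from the app's DEX files; the sample manifest and DEX strings are constructed for illustration.

```python
"""Static triage of an Android app for the behaviour profile described in the article.

Constructed example, not Wandera's detection logic. Inputs are a decoded
AndroidManifest.xml (as text) and a list of strings pulled from the app's DEX files.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups mapped to the behaviours the article describes.
INDICATORS = {
    "premium_sms": {"android.permission.SEND_SMS"},
    "sms_tampering": {"android.permission.READ_SMS",
                      "android.permission.WRITE_SMS",
                      "android.permission.RECEIVE_SMS"},
    "audio_capture": {"android.permission.RECORD_AUDIO"},
    "identity_harvest": {"android.permission.READ_CONTACTS",
                         "android.permission.READ_PHONE_STATE"},
    "wifi_recon": {"android.permission.ACCESS_WIFI_STATE"},
}

# Class names whose presence in DEX strings indicates runtime loading of APK/JAR payloads.
DYNAMIC_LOADERS = ("dalvik/system/DexClassLoader",
                   "dalvik/system/PathClassLoader",
                   "dalvik/system/InMemoryDexClassLoader")

# Constructed manifest resembling a game that asks for far more than a game needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cutegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <application android:label="CuteGame"/>
</manifest>"""

# Constructed DEX strings: a class loader reference plus ordinary runtime types.
SAMPLE_DEX_STRINGS = ["Ldalvik/system/DexClassLoader;", "Ljava/lang/String;",
                      "Landroid/telephony/SmsManager;"]

# Constructed benign calculator for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Calc"/>
</manifest>"""
BENIGN_DEX_STRINGS = ["Ljava/lang/Math;", "Landroid/widget/TextView;"]


def manifest_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def triage(manifest_xml, dex_strings):
    """Return the set of behaviour indicators present in the app."""
    perms = manifest_permissions(manifest_xml)
    findings = {name for name, needed in INDICATORS.items() if perms & needed}
    if any(loader in s for s in dex_strings for loader in DYNAMIC_LOADERS):
        findings.add("dynamic_code_loading")
    return findings


def risk_level(findings):
    """Rate the combination: SMS fraud plus runtime payload loading is the full profile."""
    if {"premium_sms", "sms_tampering"} <= findings and "dynamic_code_loading" in findings:
        return "high"
    if "premium_sms" in findings or "dynamic_code_loading" in findings:
        return "medium"
    return "low"


if __name__ == "__main__":
    for label, manifest, strings in (("cutegame", SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS),
                                     ("calc", BENIGN_MANIFEST, BENIGN_DEX_STRINGS)):
        found = triage(manifest, strings)
        print(label, risk_level(found), sorted(found))
```

The point of the combination check is that SEND_SMS alone is legitimate for a messaging app and a class loader alone is common in app frameworks; it is the pairing of premium SMS permissions with SMS history access and runtime payload loading, inside an app whose stated purpose needs none of them, that matches the pattern described above.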
The good news is that the Google Play Store has not yet been affected; the infected apps have been found only through third-party app stores, and include “Video Blocker,” “Paint It,” “Plus Italy,” and “Hot Tone.” That said, these apps are designed to be enticing to the victim and are very difficult to trace, meaning they will continue to be used even after being flagged, because of how carefully the groups behind the malware planned the malicious applications.