A new piece of malware has one purpose: to blackmail the user.
The newly found malware is called RedDrop, and its purpose is to blackmail the user. Found by security researchers at Wandera, the malware is spread through some 53 Android applications that are distributed by over 4000 domains.
Once an infected app is installed, the malware goes to work. It sends an SMS message signing the user up for a premium service, then deletes that SMS message so the user never knows it occurred. The malware then installs more APKs in the background. These additional APKs are spyware components that harvest the user's information. They record audio, take photos, steal files and more, then send this information to the malware creator's storage servers, to be used in blackmail schemes.
Wandera is calling this a sophisticated malware attack, I believe primarily because of the wide distribution network. They also state that the actions of the malware are difficult to trace. Not all researchers are in agreement. Craig Young of Tripwire Security went so far as to call it “a very amateur trial run of Android malware.”
What should users do to avoid being infected by RedDrop? Simply be smart in the use of their device. As Young states, “Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled.”
The infected applications are not found within the Google Play Store. The malicious files are downloaded and granted permissions by users who fall for the trickery of the large distribution network. While some users will surely be caught by this unwanted malware, hopefully most are now educated enough to not fall for these basic malware delivery schemes.