Researchers Warn of Mobile Blackmail Malware

Researchers are warning of a newly discovered mobile spyware variant designed to record victims with a view to potentially blackmailing them.

Security vendor Wandera discovered the RedDrop malware in 53 applications of a wide range of types, including image editors, calculators and foreign language education apps.

As is the norm for Android malware, the malicious apps request invasive permissions, including one which allows the malware to be persistent between reboots.

The group behind RedDrop use over 4000 domains to distribute the malicious apps, with users redirected multiple times in order to trick security filters, the vendor explained.

Over seven additional APKs are then covertly downloaded from the C&C server and installed, including a trojan, dropper, premium SMS functionality and spyware.

“When all of the functionality is combined, RedDrop aims to extract valuable and damaging data from the victim. As soon as the information is collected, it is transmitted back to the attackers’ personal Dropbox or Drive folders to be used in their extortion schemes and as the foundation to launch further attacks,” Wandera explained.

However, other experts weren’t convinced about the sophistication of the malware.

Tripwire security researcher, Craig Young, said it looked more like “a very amateur trial run of Android malware.”

“Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled,” he added.

“It is also of course important to be mindful about what permissions are requested by apps.”

The news comes during Mobile World Congress this week, at which Trend Micro launched its 2017 roundup report.

It revealed a 415% increase in detected new mobile ransomware samples, although the vast majority were in China, and a near doubling of iOS/Android vulnerabilities discovered and disclosed during 2017.

The vendor claims to have blocked over 58 million mobile threats last year, with mobile banking malware also on the rise.
