SECURITY BODS have uncovered a new Android threat that can snoop on users and steal personal data, all while racking up a huge phone bill in the process.
UK-based security outfit Wandera has sounded the alarm bells after finding the spyware, dubbed 'RedDrop', inside 53 applications masquerading as useful tools such as image editors, calculators and language-learning apps.
"Each one is intricately built to provide entertaining or useful functionality - to act as a seemingly innocent guise for the malicious content stored within," Wandera researchers said.
"Wandera's machine learning detections first uncovered one of the RedDrop apps when a user clicked on an ad displaying on popular Chinese search engine Baidu. The user was then taken to huxiawang.cn, the primary distribution site for the attack."
These infected-apps request invasive permissions, Wandera notes, enabling it to harvest information including live recordings of its surroundings, user data, photos, contacts, notes, device data and information about saved WiFi networks and nearby hotspots.
In addition to its snoopery, RedDrop secretly sends text messages to a premium-rate phone number, which will see affected users whacked with a massive phone bill.
An SMS is sent every time a user interacts with an infected app and the malware is able to delete these messages almost instantly, meaning the evidence of these premium SMS is destroyed.
Wandera goes on to describe RedDrop as "of the most sophisticated pieces of Android malware" it's ever come across, noting that the malware uses more than 4,000 domains that link back and forth to one another in an effort to circumvent and prevent detection techniques.
The malware uses 4,000 domains used by the RedDrop creators to distribute these apps and spread the malware.
"This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the more persistent malware variants we've seen," commented Dr Michael Covington, VP of Product Strategy at Wandera.
To dodge the spyware, Wandera recommends that third-party app stores are disabled. It also says advises enterprise devices should also be equipped with a security tool that provides visibility into the network traffic. µ
Libra RE: not fine
NCSC notes upsurge attacks that redirect users to malicious websites
No let up for the main pawn of the trade war