
The (not paranoid enough) Android


The train wreck that is Android security continues…

A new strain of Android malware, found in China by security firm Wandera and named RedDrop, has the following charming characteristics, according to a recent Wandera blog post.


Zero-day threat previously unknown within the mobile security community

Group of at least 50 functioning apps containing the sophisticated RedDrop malware

Apps are distributed from a complex network of 4,000+ domains registered to the same underground group

Once the app is opened, at least seven further APKs are silently downloaded, unlocking new malicious functionality

When the user interacts with the app, each interaction secretly triggers the sending of an SMS to a premium service, which is then instantly deleted before it can be detected

These additional APKs include spyware-like components, harvesting sensitive data, including passively recording the device’s audio, photos, contacts, files and more

RedDrop then exfiltrates this data, uploading it straight into remote file storage systems for use in extortion and blackmailing purposes

This is frightening stuff as it turns the victim’s phone into a bug, compromising phone calls made on the device as well as conversations in the vicinity.

As usual, the key problem here is that the app follows the rules: it asks the user to approve a (long) list of permissions, and those legitimately granted permissions (sending SMS, recording audio, reading contacts and storage) are exactly what it then uses to compromise the device. Many users don't read or think about these prompts, which amounts to inviting the malware authors to take over the phone.
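Because the whole attack rides on granted permissions, the first triage step for a suspect APK is simply to read its manifest and ask whether the permission set matches the app's stated purpose. The script below is an added example, not code from Wandera or the original post. It parses a decoded AndroidManifest.xml (the binary manifest inside an APK has to be decoded first, e.g. with apktool; that step is assumed here) and maps the declared permissions onto the capabilities the post describes: premium SMS, audio recording, contact and file harvesting, side-loading of further APKs, and network exfiltration. The permission names are real Android constants; pairing them with RedDrop's behaviour is this example's own reading of the post, not a published indicator, and both manifests are constructed for illustration.

```python
"""Permission triage for an Android manifest (added example, not from the post).

Input: a decoded AndroidManifest.xml as a string (decode binary AXML with
apktool first; that step is assumed).  Output: which of the capabilities
described in the post the app could exercise, and a combination-based verdict.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # namespaced android:name attribute

# Real Android permission constants, grouped by the capability they grant.
# The grouping follows the behaviour the post attributes to RedDrop; it is this
# example's own mapping, not an indicator published by Wandera.
CAPABILITIES = {
    "premium SMS sending": {"android.permission.SEND_SMS"},
    "SMS interception (hide carrier replies)": {
        "android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "audio bugging": {"android.permission.RECORD_AUDIO"},
    "contact harvesting": {"android.permission.READ_CONTACTS"},
    "photo/file harvesting": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE"},
    "side-loading further APKs": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "network exfiltration": {"android.permission.INTERNET"},
}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name="..."/> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def triage(manifest_xml):
    """Map permissions to capabilities and flag the fraud/spyware combination.

    Any single permission (INTERNET, CAMERA) is normal.  What is not normal is
    an app that can send SMS or record audio *and* talk to the network *and*
    touch several other sensitive capabilities at once, so the verdict keys
    on the combination rather than on any one permission.
    """
    perms = declared_permissions(manifest_xml)
    matched = sorted(cap for cap, needed in CAPABILITIES.items() if perms & needed)
    fraud_or_spy = {"premium SMS sending", "audio bugging"} & set(matched)
    suspicious = (bool(fraud_or_spy)
                  and "network exfiltration" in matched
                  and len(matched) >= 3)
    return {"permissions": sorted(perms),
            "capabilities": matched,
            "suspicious": suspicious}


# Constructed sample manifests (not real apps).  A torch app that wants the
# camera and a network connection for ads is unremarkable.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# A "calculator" with the full RedDrop-style permission set from the post.
REDDROP_LIKE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <application android:label="Calculator"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("flashlight", BENIGN_MANIFEST),
                            ("calculator", REDDROP_LIKE_MANIFEST)):
        result = triage(manifest)
        print(label, "suspicious=%s" % result["suspicious"])
        for cap in result["capabilities"]:
            print("   ", cap)
```

The point of the combination rule is the same one the post makes about users: no single prompt is alarming, but a calculator that asks to send SMS, record audio, read your contacts and install other packages is asking for far more than a calculator needs. On Android 6 and later many of these are runtime permissions, so the manifest shows what the app *can* request; the user still sees the prompts, which is exactly why they have to be read.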

Security pros need to make their users aware of the need to read and think about permission prompts EXTRA carefully on their Android devices, and to ask the obvious question: why would this game or utility need to send text messages, record audio or read my contacts?

*** This is a Security Bloggers Network syndicated blog from Al Berg's Paranoid Prose authored by alberg214. Read the original post at: https://paranoidprose.blog/2018/03/06/the-not-paranoid-enough-android/