RedDrop

RedDrop is an Android malware family that exfiltrates sensitive data from devices. [1]

ID: S0326
Type: MALWARE
Platforms: Android
Version: 1.2
Created: 17 October 2018
Last Modified: 15 October 2019

Techniques Used

Domain ID Name Use
Mobile T1429 Capture Audio

RedDrop captures live recordings of the device's surroundings.[1]

Mobile T1448 Carrier Billing Fraud

RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages.[1]

Mobile T1476 Deliver Malicious App via Other Means

RedDrop uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. RedDrop also downloads additional components (APKs, JAR files) from different C2 servers.[1]

Mobile T1437 Standard Application Layer Protocol

RedDrop uses standard HTTP for communication and exfiltration.[1]

Mobile T1426 System Information Discovery

RedDrop exfiltrates details of the victim device operating system and manufacturer.[1]

Mobile T1422 System Network Configuration Discovery

RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.[1]

References