1. Home
  2. Software
  3. RedDrop

RedDrop

RedDrop is an Android malware family that exfiltrates sensitive data from devices. [1]

ID: S0326
Type: MALWARE
Platforms: Android
Version: 1.2
Created: 17 October 2018
Last Modified: 24 October 2022
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1437 .001 Application Layer Protocol: Web Protocols

RedDrop uses HTTP requests for C2 communication.[1]
Mobile T1429 Audio Capture

RedDrop captures live recordings of the device's surroundings.[1]
Mobile T1646 Exfiltration Over C2 Channel

RedDrop uses standard HTTP for exfiltration.[1]
Mobile T1643 Generate Traffic from Victim

RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages.[1]
Mobile T1544 Ingress Tool Transfer

RedDrop uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. RedDrop also downloads additional components (APKs, JAR files) from different C2 servers.[1]

Mobile T1426 System Information Discovery

RedDrop exfiltrates details of the victim device operating system and manufacturer.[1]
Mobile T1422 System Network Configuration Discovery

RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.[1]
.001 Internet Connection Discovery

RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.[1]
.002 Wi-Fi Discovery

RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.[1]

References

  1. Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.