Register to stream ATT&CKcon 2.0 October 29-30


RedDrop is an Android malware family that exfiltrates sensitive data from devices. [1]

ID: S0326
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1476 Deliver Malicious App via Other Means RedDrop uses ads or other links within web sites to encourage users to download the malicious apps. A complex content distribution network (CDN) and series of network redirects is used in an apparent attempt to evade malware detection techniques. [1]
Mobile T1419 Device Type Discovery RedDrop exfiltrates details of the victim device operating system and manufacturer. [1]
Mobile T1407 Download New Code at Runtime RedDrop downloads additional components (APKs, JAR files) from different C&C servers and stores them dynamically into the device’s memory, allowing the adversary to execute additional malicious APKs without having to embed them straight into the initial sample. [1]
Mobile T1429 Microphone or Camera Recordings RedDrop exfiltrates locally saved files (including photos) as well as live recordings of the device's surroundings. [1]
Mobile T1406 Obfuscated Files or Information RedDrop contains malicious embedded files, which are compiled to initiate the malicious functionality. [1]
Mobile T1448 Premium SMS Toll Fraud RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages. [1]
Mobile T1437 Standard Application Layer Protocol RedDrop exfiltrates data using standard HTTP. [1]
Mobile T1422 System Network Configuration Discovery RedDrop exfiltrates IMEI, IMSI, MNC, MCC, nearby WiFi networks, and other device and SIM related info. [1]