RedDrop is an Android malware family that exfiltrates sensitive data from devices. [1]

ID: S0326
Platforms: Android

Version: 1.1

Techniques Used

Domain | ID | Name | Use
Mobile | T1476 | Deliver Malicious App via Other Means | RedDrop uses ads or other links within web sites to encourage users to download the malicious apps. A complex content distribution network (CDN) and a series of network redirects are used in an apparent attempt to evade malware detection techniques. [1]
Mobile | T1419 | Device Type Discovery | RedDrop exfiltrates details of the victim device's operating system and manufacturer. [1]
Mobile | T1407 | Download New Code at Runtime | RedDrop downloads additional components (APKs, JAR files) from different C&C servers and stores them dynamically in the device's memory, allowing the adversary to execute additional malicious APKs without having to embed them directly in the initial sample. [1]
Mobile | T1429 | Microphone or Camera Recordings | RedDrop exfiltrates locally saved files (including photos) as well as live recordings of the device's surroundings. [1]
Mobile | T1406 | Obfuscated Files or Information | RedDrop contains malicious embedded files, which are compiled to initiate the malicious functionality. [1]
Mobile | T1448 | Premium SMS Toll Fraud | RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages. [1]
Mobile | T1437 | Standard Application Layer Protocol | RedDrop exfiltrates data using standard HTTP. [1]
Mobile | T1422 | System Network Configuration Discovery | RedDrop exfiltrates IMEI, IMSI, MNC, MCC, nearby WiFi networks, and other device- and SIM-related information. [1]