Threat Advisory: RedDrop

Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

RedDrop is another in the long line of Android spyware apps. The malware has captured attention because of its ability to turn on microphones and exfiltrate sensitive data, but unfortunately that doesn’t make it unique. While there appears to be an elaborate network behind it, RedDrop is simply another Android spyware variant that utilizes well-known techniques that are found in many of the attacks being regularly discovered. Like the others, RedDrop is detected by Zimperium’s z9 detection engine, on device and in real-time.

RedDrop Analysis

According to the researchers that disclosed the malware, here are some salient points of RedDrop:

  • A Group of at least 50 functioning apps containing the sophisticated RedDrop malware
  • Apps are distributed from a complex network of 4,000+ domains registered to the same underground group
  • Once the app is opened, at least seven further apps (APKs) are silently downloaded, unlocking new malicious functionality
  • These additional APKs include spyware-like components, harvesting sensitive data, including passively recording the device’s audio, photos, contacts, files and more
  • RedDrop then exfiltrates this data, uploading it straight into remote file storage systems for use in extortion and blackmailing purposes
  • When the user interacts with the app, each interaction secretly triggers the sending of an SMS to a premium service, which is then instantly deleted before it can be detected

How Zimperium Helps Defeat RedDrop

Zimperium zIPS, powered by our core machine learning-based engine, z9, detects the RedDrop malware locally, on device, and can prevent it from executing via customer-defined policy enforcement. Additionally, exploits used by the malware to escalate privileges on the device would also be detected by z9.

For more information about Zimperium and its offerings, please visit us at

The post Threat Advisory: RedDrop appeared first on Zimperium Mobile Security Blog.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
About Zimperium
Zimperium, the industry leader in Mobile Threat Defense, offers real-time, on-device protection against both known and previously unknown threats, enabling detection and remediation of attacks on all three mobile threat vectors - Device, Network and Applications. Zimperium’s patented z9™ detection engine uses machine learning to power zIPS™, mobile on-device Intrusion Prevention System app, and zIAP™, an embedded, In-App Protection SDK that delivers self-protecting iOS and Android apps. Leaders across the mobile ecosystem partner with Zimperium, including mobile operators (Airtel, Deutsche Telekom, SmarTone, SoftBank and Telstra), device manufacturers (Samsung, SIRIN, TriGem), and leading enterprise mobility management (EMM) providers (AirWatch, MobileIron, BlackBerry, Citrix and SAP). Headquartered in San Francisco, Zimperium is backed by Sierra Ventures, Samsung, Telstra, Warburg Pincus and SoftBank. Learn more at or our official blog at

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



DNS Rebinding – Behind The Enemy Lines
Views: 734 / January 19, 2019
My IT Learning Journey
Views: 1248 / January 18, 2019
A New Age of Digital Interconnection
Views: 1043 / January 18, 2019
7 Project Management Basic Rules
Views: 1506 / January 17, 2019
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?