Date: 2018-03-05

Researchers warn that malware could be used to blackmail users.

New malware has been discovered that could eavesdrop on Android smartphone users and run up huge bills.

Dubbed RedDrop by security researchers at Wandera, the malware, once fully installed, will extract a devastating amount of personal data, including live recordings of the infected device's surroundings, files, photos, contacts, device intelligence, application data and Wi-Fi information. The malware also makes the victim unwittingly send expensive SMS messages to a premium service. The exfiltrated data is then transmitted to the attacker's personal Dropbox or Google Drive folder - without arousing any suspicion.

Wandera first discovered the malware when an employee from a US-based "Big Four" consulting firm used their mobile web browser to click on a link displayed on Chinese search engine Baidu - the fourth most visited site in the world. The user was then directed to a site displaying adult content, which was detected as suspicious by Wandera's security engine MI:RIAM and subsequently blocked.

Upon further investigation, Wandera discovered over 53 seemingly innocent-looking apps that front-end the malware, as well as an intricate distribution network of over 3,000 registered to the same group, used to maximise reach to end-user devices.

Researchers said that the malware is one of the most sophisticated pieces of Android malware that they have seen in broad distribution and with such an extensive network of supporting infrastructure.

“This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the more persistent malware variants we've seen,” said Dr Michael Covington, VP of product strategy at Wandera.

This article originally appeared at scmagazineuk.com