RedDrop nasty infects Androids via adult links, records sound, and fires off premium-rate texts

A newly discovered strain of Android malware makes live recordings of ambient audio around an infected device. The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the …

  1. Anonymous Coward

    Have any naughty pictures on your phone? Well, teenage boys in China are looking at them right now!

    1. Anonymous South African Coward Silver badge
      Trollface

      What if they're really *really* **really** fugly and miff dick or titty pix?

  2. Anonymous Coward

    Meh

    "The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the attackers."

    That describes almost every single "Cleaner/Anti-hacking/Battery Saver" app on the Google Play store.

    1. davidp231

      Re: Meh

      And <insert name of game> guides.

  3. Anonymous Coward

    Does it bypass the 'which carrier do you want to use' prompt for dual sim phones?

  4. Dr Mantis Toboggan
    Holmes

    Hmmm

    That infection graph seems to have at least 10 steps missing from what I can count. It's also weird all 10 are barriers that would prevent you getting this..

    Go figure...

    Also wondering how this breaks posting rules, unless it's now forbidden to point out glaring errors that make stories appear ridiculous..

    1. Anonymous Coward

      Re: Hmmm

      DMT mentioned, "That infection graph..."

      The sample picture in Step 3, even blurred as presented here, looks exceedingly familiar...

  5. Anonymous Coward

    I love the way "exfil" or "exfiltration" has become common terminology these days.

    Until the Australian Census debacle, the only people who had ever heard of it were security (or military) professionals, these days even script kiddies and journalists use it frequently.

    1. John Brown (no body) Silver badge

      "I love the way "exfil" or "exfiltration" has become common terminology these days."

      Yeah, my wife uses it every few months when the water from the tap starts to taste funny and I have to change the filter.

      The shortened version "exfil" always seems to be used by American "cool kids" who don't seem to have an attention span long enough to cope with saying long words.

    2. JeffyPoooh Silver badge
      Pint

      "...become common terminology these days."

      One of my kidiots (age 14) has somehow picked up an extraordinarily wide ranging vocabulary, primarily from playing video games and watching YouTube. At times he uses obscure words (correctly) that cause our jaws to hang open in disbelief.

      Q: "Where did THAT word come from?"

      A: "Video games."

  6. FlamingDeath Bronze badge

    Curious as to the root to infection?

    How many steps of stupid are needed to become infected?

    Am I missing something, is this exploiting a known vulnerability in the android OS, or is it relying on the ignorance of the user?

    1. Morten_T

      Re: Curious as to the root to infection?

      "Am I missing something, is this exploiting a known vulnerability in the android OS, or is it relying on the ignorance of the user?"

      I think it's a combination of all three:

      The "vulnerability" is really a feature in Android, that lets you install .apk packages from 3rd party sources instead of the Google Store. This can be very useful, but also introduces the risk that said .apk packages may or may not have been tested for malware very well or at all. It also has an additional problem in that you can either enable it or not. You can't choose to use Google Store, TrustedAppStore1 and TrustedAppStore2, and then block everything else. It's either apps from Google only or from the entire world. IMO this would somewhat heighten security for users, but is by no means a silver bullet. *

      The part you're probably missing is that some people enable the above mentioned feature in order to use a different app store than the one Google provides. AFAIK this is very common practice in China, among other places.

      Regarding the user's ignorance, you have a point here. It's my impression that many people don't really know that doing this puts their phone at risk, perhaps they just inherently trust the app store they're using. But if the app store doesn't screen the submitted apps for malware before making them available, then there's really no security at all.

      * (I realize the piece of malware in question came from the Baidu store, and my proposed approach would do nothing to stop it in this case).

Biting the hand that feeds IT © 1998–2019