
S0326 RedDrop

RedDrop is an Android malware family that exfiltrates sensitive data from devices. [1]

ID: S0326
Associated Names:
Version: 1.2
Created: 17 October 2018
Last Modified: 15 October 2019

Techniques Used

Domain | ID | Name | Use
mobile | T1429 | Capture Audio | RedDrop captures live recordings of the device’s surroundings. [1]
mobile | T1448 | Carrier Billing Fraud | RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages. [1]
mobile | T1476 | Deliver Malicious App via Other Means | RedDrop uses ads or other links within websites to encourage users to download the malicious apps, using a complex content distribution network (CDN) and a series of network redirects. RedDrop also downloads additional components (APKs, JAR files) from different C2 servers. [1]
mobile | T1437 | Standard Application Layer Protocol | RedDrop uses standard HTTP for communication and exfiltration. [1]
mobile | T1426 | System Information Discovery | RedDrop exfiltrates details of the victim device’s operating system and manufacturer. [1]
mobile | T1422 | System Network Configuration Discovery | RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device- and SIM-related info. [1]

