S0326 RedDrop
RedDrop is an Android malware family that exfiltrates sensitive data from devices.[1]
| Item | Value |
|---|---|
| ID | S0326 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 17 October 2018 |
| Last Modified | 15 October 2019 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Capture Audio | RedDrop captures live recordings of the device’s surroundings.[1] |
| mobile | T1448 | Carrier Billing Fraud | RedDrop tricks the user into sending SMS messages to premium services and then deletes those messages.[1] |
| mobile | T1476 | Deliver Malicious App via Other Means | RedDrop uses ads or other links within websites to encourage users to download the malicious apps, using a complex content distribution network (CDN) and a series of network redirects. RedDrop also downloads additional components (APKs, JAR files) from different C2 servers.[1] |
| mobile | T1437 | Standard Application Layer Protocol | RedDrop uses standard HTTP for communication and exfiltration.[1] |
| mobile | T1426 | System Information Discovery | RedDrop exfiltrates details of the victim device’s operating system and manufacturer.[1] |
| mobile | T1422 | System Network Configuration Discovery | RedDrop collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device- and SIM-related info.[1] |