Android malware can record audio, upload copied data to hackers’ servers

A recently identified form of malware affecting Android devices can copy files, saved Wi-Fi network information, and record full phone calls. The copied data is uploaded to a cloud server.

Devices can become infected when a user downloads an infected app. These apps include practical tools such as calculators, image editors, or language apps. The apps are not available through the Google Play Store and can only be installed if users have activated third-party app installation. Healthcare organizations that provide staff with Android devices or permit the use of personally owned devices must take action to monitor devices and address infected devices.

The malware, known as RedDrop, was identified by researchers at Wandera, a cybersecurity company based in San Francisco and London. It is described as a family of malware embedded in 53 apps. The malware begins collecting data when the app is first launched and does not require additional interaction from the user. In addition, the malware persists between reboots, meaning that it can continue to communicate with the server.

Android’s latest OS, Oreo, as well as previous Marshmallow and Nougat versions, include a feature that requires apps to asks users to allow additional permissions, such as using a microphone.  However, Wandera’s report notes, roughly half of Android devices are running an older version of Android’s OS and approximately 20% of corporate Android devices allow third-party app installation. To protect against RedDrop infections, organizations should ensure that all devices have the latest OS installed and, for phones incapable of running Marshmallow, Nougat, or Oreo, that third-party app installation is disabled.