40 Android Apps Come with DressCode Android Malware

A new Android malware family called DressCode has been spotted. It can be used as a proxy to relay attacks into corporate networks and thus steal information from servers previously considered secure.
The malware's name comes from its authors, who dressed up the names of various games to come up with it.

Check Point, the security firm that discovered this threat, says it identified over 40 apps on the Google Play Store that are infected with this malware, and that over 400 similar apps are distributed through unofficial third-party stores.

DressCode-infected apps have been making their way into the Google Play Store since April 2016. Google has intervened and removed some of the apps during Check Point's investigation.

According to Google Play statistics, DressCode apps have infected between 500,000 and 2,000,000 users, with most of the downloads coming from the most popular app, which had between 100,000 and 500,000 downloads by itself.

At the technical level, the DressCode malware contains malicious code that hijacks infected devices and connects them to the authors' own botnet.

Communication between the C&C server and the malware goes through a SOCKS proxy that is set up on the infected device. This proxy allows the botnet operator to reach even firewalled networks that sit deep inside corporate infrastructure.

Attackers can use this setup to send malicious commands to the infected device, which could scan the network for valuable information. The attacker could then steal that information or escalate their access.
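A detection sketch for the relay behaviour described above, added here as an illustration and not taken from Check Point's report: it flags a phone that contacts many distinct internal hosts while a single outbound session to an external peer stays open. The subnets, the threshold and the flow records are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): address plan and alert threshold.
INTERNAL = ip_network("10.0.0.0/8")      # corporate address space
MOBILE = ip_network("10.20.0.0/16")      # Wi-Fi/BYOD segment used by phones
FANOUT_THRESHOLD = 5                     # distinct internal targets per session

# Constructed flow records: (start_s, end_s, src, dst, dst_port)
FLOWS = [
    # Phone A: one long-lived session to an external peer.
    (100, 4000, "10.20.1.15", "203.0.113.50", 443),
    # Phone B: ordinary use, short external session and one internal service.
    (100, 160, "10.20.1.22", "198.51.100.7", 443),
    (120, 125, "10.20.1.22", "10.1.0.5", 443),
    (5000, 5010, "10.20.1.22", "10.1.0.5", 443),
] + [
    # Phone A again: sweep of eight internal hosts while that session is open.
    (900 + i, 901 + i, "10.20.1.15", f"10.1.0.{10 + i}", 445) for i in range(8)
]

def relay_suspects(flows, threshold=FANOUT_THRESHOLD):
    """Return {phone_ip: (external_peer, internal_target_count)} for flagged phones."""
    external = defaultdict(list)   # src -> [(start, end, peer)]
    internal = defaultdict(list)   # src -> [(start, dst, port)]
    for start, end, src, dst, port in flows:
        if ip_address(src) not in MOBILE:
            continue               # only phones are candidates for this check
        if ip_address(dst) in INTERNAL:
            internal[src].append((start, dst, port))
        else:
            external[src].append((start, end, dst))
    suspects = {}
    for src, sessions in external.items():
        for s_start, s_end, peer in sessions:
            # Internal targets first contacted while this external session was open.
            targets = {(d, p) for t, d, p in internal[src] if s_start <= t <= s_end}
            if len(targets) >= threshold and len(targets) > suspects.get(src, (None, 0))[1]:
                suspects[src] = (peer, len(targets))
    return suspects

if __name__ == "__main__":
    for phone, (peer, count) in relay_suspects(FLOWS).items():
        print(f"{phone}: {count} internal targets during session to {peer}")
```

The correlation is deliberately coarse: a hit is a reason to inspect the device and its installed apps, not proof of infection.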

Before discovering DressCode, the Check Point team had found Viking Horde, a similar Android malware family that also focuses on delivering ads, using a proxy to interconnect bots and their C&C server.

Hope this was helpful.
