‘DressCode’ malware that infects Google Play Store apps detected

September 8, 2016 | By James Raymond

Here’s some news for Android users who know that dealing with malware threats takes more than antivirus for Android: what matters is a thorough understanding of malware and how it functions…


It was a few months ago that the research team at security firm Check Point Software Technologies Ltd. uncovered a new Android malware called Viking Horde, which infected Google Play apps. Viking Horde managed to bypass Google Play malware scans for a couple of months and remained undetected. Now, researchers at Check Point have detected another malware that has infected over 40 apps in the Google Play Store. This malware has been named DressCode.

A recent post on the Check Point blog says: “The Check Point mobile threat prevention research team discovered a new Android malware on Google Play, called “DressCode,” which was embedded into more than 40 apps, and found in more than 400 additional apps on third party app stores. Check Point notified Google about the malicious apps, and some have already been removed from Google Play.”

According to Check Point researchers, the oldest of these apps were uploaded to Google Play in April and remained undetected until recently. In the meantime the apps were being downloaded, and some reached between 100,000 and 500,000 downloads each. This suggests that between 500,000 and 2,000,000 users downloaded the malicious apps from Google Play.

How DressCode malware works

DressCode created a botnet that uses proxied IP addresses. These proxied IP addresses are used to disguise ad clicks and generate false traffic, thereby generating revenue for the attacker. The botnets, according to Check Point researchers, “can be used for various reasons based on the distributed computing capabilities of all the devices”.

After being installed on a device, DressCode initiates communication with its command and control (C&C) server. Once the initial connection is established, the C&C server orders the malware to “sleep,” keeping it dormant until there is a use for the infected device. Later, when the attacker wants to activate the malware, they turn the device into a SOCKS proxy and reroute traffic through it.

Beware of DressCode

Users need to stay cautious about malware like DressCode, since it can cause considerable harm and can also lead to a data breach. The Check Point blog says: “Both Viking Horde and DressCode malware create botnets which can be used for various purposes, and even to infiltrate internal networks. Since the malware allows the attacker to route communications through the victim’s device, the attacker can access any internal network to which the device belongs. This can compromise security for enterprises and organizations.”

It is therefore imperative to keep ourselves updated about malware and how it works, rather than relying only on antivirus for Android.
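The internal-network risk described above suggests one pattern to look for in flow logs: a phone that holds a long-lived session to an external host while opening connections to many different internal hosts. The Python below is an added example, not code from Check Point or from the original article; the log format, address ranges and thresholds are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; set them for your own network.
MOBILE_NET = ipaddress.ip_network("10.20.0.0/16")   # phone Wi-Fi segment
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # all internal space
MIN_TUNNEL_SECS = 600    # what counts as a long-lived external session
FANOUT_THRESHOLD = 5     # distinct internal host:port targets
WINDOW = 300             # seconds in which the fan-out must occur

# Constructed flow records: start_epoch,duration_s,src,dst,dport
SAMPLE_FLOWS = """\
1000,3600,10.20.1.15,203.0.113.50,8080
1500,2,10.20.1.15,10.1.0.10,445
1510,2,10.20.1.15,10.1.0.11,445
1520,3,10.20.1.15,10.1.0.12,22
1530,2,10.20.1.15,10.1.0.13,3389
1540,5,10.20.1.15,10.1.0.14,80
1550,4,10.20.1.15,10.1.0.15,443
1000,7200,10.20.1.22,198.51.100.7,5228
1200,1,10.20.1.22,10.1.0.53,53
1300,30,10.20.1.22,10.1.0.80,443
"""

def find_pivot_suspects(text):
    """Return (device, external_peer, internal_targets) for suspect phones."""
    tunnels, internal = defaultdict(list), defaultdict(list)
    for line in text.strip().splitlines():
        start, dur, src, dst, dport = line.split(",")
        start, dur, dport = int(start), int(dur), int(dport)
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in MOBILE_NET:
            continue                      # only phones are of interest here
        if dst in INTERNAL_NET:
            internal[src].append((start, (str(dst), dport)))
        elif dur >= MIN_TUNNEL_SECS:
            tunnels[src].append((start, start + dur, str(dst)))
    alerts = []
    for src, sessions in tunnels.items():
        for t_start, t_end, peer in sessions:
            # Internal connections opened while the external session was up.
            hits = sorted(h for h in internal[src] if t_start <= h[0] <= t_end)
            for ts, _ in hits:  # slide a WINDOW-second window over them
                targets = {tgt for s, tgt in hits if ts <= s <= ts + WINDOW}
                if len(targets) >= FANOUT_THRESHOLD:
                    alerts.append((str(src), peer, len(targets)))
                    break
    return alerts
```

On the sample data only 10.20.1.15 is reported; 10.20.1.22 also keeps a long external session open but touches just two internal services, which is ordinary phone behaviour.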
