The DressCode malware family, which turns devices running its trojanised Android apps into proxy servers, has now reportedly infected more than 400 apps on the Google Play Store. The malware poses a notable risk to devices used on corporate networks under Bring Your Own Device (BYOD) programmes.
Security firm Trend Micro reports that DressCode has so far trojanised at least 3,000 apps in total, a sevenfold increase since August this year, and that it is still spreading quietly among Android users.
“This malware gives attackers an avenue into internal networks which compromised devices are connected to—a notable risk if the device is used to connect to company networks,” said Echo Duan, a mobile threat response engineer at Trend Micro, in an official report.
As reported earlier this year, the trojanised apps connect to a command and control (C&C) server, and the malware uses a background service to open a TCP socket that gives attackers backdoor access to the device.
“The compromised device can act as a proxy that relays traffic between the attacker and internal servers the device is connected to—think of it as a tunnel,” Duan explained.
The malware family exposes Android devices to a variety of security risks. Through this general-purpose tunnel, attackers can reach into an enterprise network from the infected device, download sensitive data or attack internal servers. Infected devices can also be enlisted as bots and assembled into a botnet to launch distributed denial-of-service (DDoS) attacks.
Trend Micro said that DressCode has mostly infected enterprise users in countries including the US, France, Israel and Ukraine.
Users are advised to download apps only from a legitimate app store and to check reviews and ratings before installing anything. Keeping devices up to date with the latest patches through software updates is also recommended, to limit what a trojanised app can do, and users of rooted devices should be aware that rooting exposes them to additional vulnerabilities.
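The pivot Duan describes leaves a recognisable shape in network telemetry: a phone on the BYOD Wi-Fi holds a long-lived outbound connection (the control channel) and, while that connection is open, starts talking to internal servers on ports a phone has no reason to reach, such as SMB or RDP. The following is an added example, not code from the article or from Trend Micro's report, that runs that heuristic over constructed flow records in Python. The address ranges, the allowlist of expected internal ports and the 300-second threshold are assumptions for the example and would be tuned to the real site.

```python
"""Flag BYOD devices that look like a relay into the internal network.

Added example, not from the article. Address plan, port allowlist and
the long-lived threshold are assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: phones land on the BYOD Wi-Fi range, servers live
# in the RFC 1918 ranges below.
BYOD_NET = ip_network("10.20.0.0/16")
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Internal services a phone is expected to use (DNS, NTP); assumed allowlist.
EXPECTED_INTERNAL_PORTS = {53, 123}
# A C&C control channel stays open for minutes, but so does a push-notification
# channel, so a long-lived flow is only the precondition, not the signal.
LONG_LIVED_SECONDS = 300


@dataclass(frozen=True)
class Flow:
    ts: int         # flow start, epoch seconds
    src: str
    dst: str
    dport: int
    duration: int   # seconds


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_pivots(flows):
    """Return {device: {"control": [...], "targets": [...]}} for BYOD devices
    that hold a long-lived outbound connection and, while it is open, connect
    to internal hosts on ports outside the expected allowlist."""
    by_device = {}
    for f in flows:
        if ip_address(f.src) in BYOD_NET:
            by_device.setdefault(f.src, []).append(f)

    findings = {}
    for device, dev_flows in by_device.items():
        control = [f for f in dev_flows
                   if not is_internal(f.dst) and f.duration >= LONG_LIVED_SECONDS]
        if not control:
            continue
        targets = set()
        for f in dev_flows:
            if not is_internal(f.dst) or f.dport in EXPECTED_INTERNAL_PORTS:
                continue
            # Only count internal connections that overlap an open control channel.
            if any(c.ts <= f.ts <= c.ts + c.duration for c in control):
                targets.add(f"{f.dst}:{f.dport}")
        if targets:
            findings[device] = {
                "control": sorted({c.dst for c in control}),
                "targets": sorted(targets),
            }
    return findings


# Constructed flow records for the example, not real telemetry.
SAMPLE_FLOWS = [
    Flow(1000, "10.20.5.17", "203.0.113.9", 443, 1800),   # long-lived outbound, C&C-like
    Flow(1100, "10.20.5.17", "10.0.0.53", 53, 1),         # DNS: expected, ignored
    Flow(1200, "10.20.5.17", "10.1.2.30", 445, 5),        # SMB to a file server via the phone
    Flow(1500, "10.20.5.17", "10.1.2.31", 3389, 40),      # RDP to another internal host
    Flow(1000, "10.20.7.3", "198.51.100.20", 443, 20),    # short app update, benign
    Flow(1010, "10.20.7.3", "10.0.0.53", 53, 1),
    Flow(900, "10.20.9.8", "198.51.100.5", 5228, 3600),   # long-lived push channel, benign
    Flow(950, "10.20.9.8", "10.0.0.53", 53, 1),
]

if __name__ == "__main__":
    for device, info in find_pivots(SAMPLE_FLOWS).items():
        print(device, "control:", info["control"], "targets:", info["targets"])
```

Of the three phones in the sample, only 10.20.5.17 is reported: 10.20.7.3 has no long-lived channel, and 10.20.9.8 has one but touches nothing internal beyond DNS. The heuristic needs flow records from the BYOD segment's gateway, which is also where the real control sits: if that segment can only reach the internet and a handful of allowlisted internal services, the tunnel has nothing to relay to.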
So what would make this a useful article would be to list, or point us to a list, of all the known infested apps. Telling us to download “only from a legitimate app store” is kind of meaningless, since even Play Store apps were affected.