
DressCode Malware Infects Hundreds Of Google Play Apps

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.


The malware could allow hackers to bypass corporate firewalls, according to Trend Micro

Malware that allows attackers to infiltrate organisations’ internal networks has been found in hundreds of applications on Google Play.

The malware, called DressCode, was found in more than 400 apps on Google Play and was also identified in other well-known Android marketplaces, IT security firm Trend Micro said.

Mobile malware rise

DressCode is the latest to appear amidst a sharp rise in mobile malware, the firm said, with Android particularly targeted.

Trend said it found 16.6 million pieces of mobile malware in August, up 40 percent from January.

DressCode was found in at least 3,000 apps that had been modified to include the code, including games, skins, themes and handset optimisers. It began spreading in April before being identified in August, according to Trend.

The firm notified Google of the problem in September and the infected apps were removed from Google Play, but only after they had been installed at least hundreds of thousands of times.

One application’s Google Play page indicated it had been installed between 100,000 and 500,000 times.

“While DressCode’s infection methods and behaviour aren’t unique, the number of Trojanised apps that found their way to a legitimate app store is certainly significant,” Trend said in an advisory.

Enterprise firewall bypass

DressCode installs a SOCKS proxy on infected devices, creating a general-purpose tunnel through which attackers can control the device and send it commands, and which can be used to bypass corporate firewalls, Trend said.

“If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard,” the firm warned.
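The springboard scenario described above can be turned into a network detection. The following is an added example, not code from Trend Micro or from the article: it assumes the proxy speaks SOCKS5 as specified in RFC 1928 and that the monitor sees the request in cleartext, neither of which the article states. The function names, the address plan and the sample records are constructed for illustration.

```python
import ipaddress
import struct

# Assumption: the organisation's internal address space is RFC 1918 only.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}

def is_internal(host):
    """True if host is an IP literal inside INTERNAL_NETS (names are not resolved)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def parse_socks5_request(data):
    """Parse a SOCKS5 request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 5 or data[0] != 0x05 or data[2] != 0x00 or data[1] not in COMMANDS:
        return None
    atyp, rest = data[3], data[4:]
    if atyp == 0x01 and len(rest) == 6:              # IPv4 literal
        host = str(ipaddress.IPv4Address(rest[:4]))
    elif atyp == 0x04 and len(rest) == 18:           # IPv6 literal
        host = str(ipaddress.IPv6Address(rest[:16]))
    elif atyp == 0x03 and len(rest) == rest[0] + 3:  # length-prefixed domain name
        host = rest[1:-2].decode("ascii", "replace")
    else:
        return None                                  # truncated or not SOCKS5
    (port,) = struct.unpack("!H", rest[-2:])
    return COMMANDS[data[1]], host, port

def springboard_alerts(records):
    """Flag SOCKS5 requests sent by an external peer to an internal device
    that ask the device to reach another internal address."""
    alerts = []
    for sender, receiver, payload in records:
        req = parse_socks5_request(payload)
        if req and not is_internal(sender) and is_internal(receiver) and is_internal(req[1]):
            alerts.append((receiver, sender) + req)
    return alerts

# Constructed sample records: (sender, receiver, first payload bytes in that direction).
SAMPLE = [
    ("203.0.113.7", "10.20.3.44", bytes([5, 1, 0, 1, 10, 0, 5, 12, 0x01, 0xBB])),
    ("203.0.113.7", "10.20.3.44", b"\x05\x01\x00\x03\x0bexample.org\x00\x50"),
    ("198.51.100.9", "10.20.3.45", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03"),
    ("10.20.3.50", "10.20.3.44", bytes([5, 1, 0, 1, 10, 0, 5, 12, 0, 22])),
]
```

Only the first record raises an alert: an outside peer instructs a device on the internal network to open a connection to another internal host. Requests that name a domain rather than an IP literal are parsed but not flagged, so a production rule would also resolve or log those names.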

About 82 percent of businesses allow staff to use their own devices at the office or for work-related functions, according to Trend’s data.

The code can also be used to build botnets or attack devices on a home network.

Trend Micro advised users to check the legitimacy of their apps, update mobile operating systems and avoid unsecured Wi-Fi networks.

Infected applications are regularly found on Google Play in spite of Google’s security screening processes.

Last month malware called CallJam was removed from the shop, where it posed as a game but made premium-rate calls in the background once installed on a phone.
