UPDATED 01:35 EDT / OCTOBER 04 2016


DressCode Trojan malware discovered in over 400 Google Play Android apps

New research has discovered more than 400 apps available on the Google Play Android app store that are infected with the DressCode Trojan malware.

Trend Micro Inc. said the malware, also detected as ANDROIDOS_SOCKSBOT.A, was found in over 3,000 Android apps outside of Google Play as well.

The malware disguises itself as a legitimate application, such as a game, skin, theme or phone optimization booster, to entice the user to download it. In most cases the apps actually work, with the trojan making up only a small part of the overall code base. Distribution of the malware may be in the millions, with one particular app, a Grand Theft Auto-related modification for Minecraft, having been downloaded between 100,000 and 500,000 times.

Once installed, DressCode communicates with a command and control server and sets up a socket secure (SOCKS) proxy to relay traffic between the attackers and the internal network servers that the compromised device connects to, creating a potentially huge risk for an enterprise network.

According to Trend Micro’s Echo Duan:

This malware allows threat actors to infiltrate a user’s network environment. If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard. With the growth of Bring Your Own Device (BYOD) programs, more enterprises are exposing themselves to risk via carefree employee mobile usage. According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions. While this program can increase employee productivity, it can also make companies vulnerable to malware like DressCode.

Protection

It probably goes without saying that the best way to avoid being affected by malware such as DressCode is to practice safe Internet use. Along with having a virus scanner installed on your phone, Trend Micro recommends that when you download a new app you ensure it comes from a legitimate app store and check reviews online and on the download page to make sure it is not malicious. In addition, the company recommends that Android be updated regularly, although given the dysfunction of the Android update system that may be a hard ask.
