New research has discovered more than 400 apps available on the Google Play Android app store that are infected with a DressCode Trojan malware.

Trend Micro Inc. said the malware, also detected as ANDROIDOS_SOCKSBOT.A, was found in over 3,000 Android apps outside of Google Play as well.

The malware disguises itself as a legitimate application to entice the user to download it, including games, skins, themes and phone optimization boosters. In most cases, the actual apps work with the trojan being only a small part of the overall code base. Distribution of the malware may be in the millions, with one particular app, a Grand Theft Auto related modification for Minecraft, having been downloaded between 100,000 and 500,000 times.

Once installed, DressCode communicates with a command and control server and sets up a socket secure (SOCKS) proxy to relay traffic between the attackers and the internal network servers that the compromised device connects to, creating a potentially huge risk for an enterprise network.

According to Trend Micro’s Echo Duan:

This malware allows threat actors to infiltrate a user’s network environment. If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard. With the growth of Bring Your Own Device (BYOD) programs, more enterprises are exposing themselves to risk via carefree employee mobile usage. According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions. While this program can increase employee productivity, it can also make companies vulnerable to malware like DressCode.

Protection

It probably goes without saying that the best way to avoid being affected by malware such as DressCode is to practice safe Internet use. Along with having a virus scanner installed on your phone, Trend Micro recommends that if you are downloading a new app to ensure it’s from a legitimate app store and to check reviews online and on the download page to make sure it’s not a malicious app. In addition, the company recommends that Android is updated regularly, although given the dysfunction of the Android update system that may be a hard ask.

Image credit: jlascar/Flickr/CC by 2.0