Mass Android malware outbreak menaces corporate networks

By

"DressCode" Trojan infects thousands of apps.

Enterprises with Android devices risk having their networks compromised by a rapidly spreading Trojan Horse, according to researchers.

Mass Android malware outbreak menaces corporate networks

First discovered at the end of August by Check Point Software, the "DressCode" malware has been quietly spreading since at least April this year, according to security vendor Trend Micro.

Trend Micro mobile threat response engineer Echo Duan said the security vendor had found DressCode in over 400 apps on the official Google Play store. In its August report, Check Point said DressCode was embedded in more than 40 apps on Google Play.

The malware is found in several types of apps, including games, skins and themes for Android, as well as phone optimisation utilites, many of which have been installed hundreds of thousands of times.

In total, Trend Micro said it had found "DressCode" in at least 3000 apps. One reason the Trojan is so widespread is that the malicious code forms only a small part of the infected app, and therefore is difficult to detect.

"DressCode" communicates with a command and control server after installation and sets up sockets secure (SOCKS) proxy to relay traffic between attackers and the internal network servers that the compromised device connects to.

This allows the malware to bypass network address translation (NAT) which would normally prevent direct connections from the internet to internal enterprise networks with non-routable private addresses.

Apart from intercepting data, Trend Micro said "DressCode" can be used to build botnets that are set up to conduct large-scale distributed denial of service attacks, click-jacking for advertising fraud, and compromising networked cameras.

The security vendor suggested Android device users take precautions like applying updates, being careful with the apps they install, minimising the use of public wi-fi and not "rooting" or bypassing the security lock-downs on their smartphones.

Google has been notified about the Trojanised apps and removed many of them from the Play store, the security vendors said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
androidmalwaresecuritytrend micro

Sponsored Whitepapers

Nine Ways To Prepare Your Database for a High-Traffic Event
Nine Ways To Prepare Your Database for a High-Traffic Event
How to Put AI at the Heart of Business Growth
How to Put AI at the Heart of Business Growth
Streamline Your Processes and Reduce Managed File Transfer Expenses
Streamline Your Processes and Reduce Managed File Transfer Expenses
Maximise Your Azure Investment with Fusion5
Maximise Your Azure Investment with Fusion5
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance

Events

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov
Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach
Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter
CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Digital Nation

State of Security 2023
State of Security 2023
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia

Log In

  |  Forgot your password?