Saturday, September 3, 2016

new malware discovered in Android apps on the Google Play store : DRESSCODE

Google Play Store Android Malware


Some people dismiss the threat that malware poses in the Android world, but the problem is still real. Individuals with malicious intent will always target the most popular operating systems, and Android is one of them. A new report details a troubling new malware strain that has been found in the wild, and this time around it wasn’t discovered just in shady third-party app stores. It was also found in apps approved in the Google Play store in spite of Google’s various protections.





Researchers from Check Point discovered malware they’re calling DressCode in 40 Google Play store apps and more than 400 apps listed in third-party app stores.

The company says that the oldest DressCode-infected apps in the Google Play store date back to April 2016, with some of them reaching anywhere from 100,000 to 500,000 downloads. According to the researchers, anywhere from 500,000 to 2,000,000 users might be at risk after downloading the apps.
DressCode apps were used to create a botnet that was behind various actions that occurred on devices without users’ knowledge or consent, including generating ad clicks and false traffic to some websites. The following video also explains how DressCode works:



“Once installed on the device, DressCode initiates communication with its command and control server,” the researchers wrote. “Currently, after the initial connection is established, the C&C server orders the malware to “sleep,” to keep it dormant until there’s a use for the infected device. When the attacker wants to activate the malware, he can turn the device into a socks proxy, rerouting traffic through it.”

The malware could be even more dangerous than that. “Since the malware allows the attacker to route communications through the victim’s device, the attacker can access any internal network to which the device belongs. This can compromise security for enterprises and organizations,” Check Point added.
Google has removed the affected apps, but Check Point has a full list of apps that were infected on this page, so be sure to check it out and ensure that you weren’t exposed.

0 comments:

Post a Comment