Malware News DressCode Malware Found in 3,000 Android Apps, 400 on Google Play Store

Exterminator

An Android malware family discovered this year has slowly spread and has become a big problem, currently found in over 3,000 Android applications, 400 of which could be downloaded from the official Google Play Store at one point or another.

Security researchers saw the first versions of this malware in April, but the trojan came to the media's attention in late August, when Check Point found over 400 apps infected with this malware, 40 of which they found on the Google Play Store.

According to a more recent report from Trend Micro, the number of DressCode-infected apps has skyrocketed, and because of the malware's features, DressCode has become a danger for corporate networks.

DressCode's primary feature is a proxy

The malware has a unique feature, which you regularly see in desktop trojans, but which is much rarer in mobile threats.

After users download a DressCode-infected app from unofficial third-party app stores or the Google Play Store, the malware will set up a SOCKS proxy on the device.
This proxy acts like a pivot point for the malware's creators, allowing them to connect to the device and access the network to which the device is connected.

If the smartphone owner is at work, using his company's Wi-Fi, then the attacker has access to that network as well, allowing him to scan the internal network for weak points and attack servers and devices which would normally be protected by a firewall.

Since all traffic is funneled via the SOCKS proxy, firewalls will brand it as normal web browsing.

Mobile malware numbers grew 40%

"While DressCode’s infection methods and behavior isn’t unique, the number of Trojanized apps that found their way to a legitimate app store is certainly significant," said Echo Duan, Mobile Threat Response Engineer for Trend Micro.

In the past, there have been multiple instances where malware has made its way into the Google Play Store. Nevertheless, with a 40 percent increase in mobile malware compared to the same period of last year, these types of events are about to get more common.

As for DressCode, security researchers say they've seen it used to commit ad click fraud, but the malware could also be used for DDoS attacks if its creators ever wished to do so.
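
An added example, not part of the original post or the reports it cites: since proxied traffic from a phone looks like ordinary browsing to a perimeter firewall, one place a defender can catch the pivot described above is internal flow data, by flagging a Wi-Fi client that touches many distinct internal services in a short window. The subnets, the flow-record format, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WIFI_NET = ipaddress.ip_network("10.20.0.0/16")    # assumed: subnet handed to phones
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed: corporate address space
WINDOW_SECONDS = 60    # assumed sliding window
FANOUT_THRESHOLD = 4   # assumed: distinct internal ip:port targets per window

# Constructed flow records, one per line: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.20.4.17 203.0.113.50 443
1001 10.20.4.17 10.1.0.5 22
1002 10.20.4.17 10.1.0.5 445
1003 10.20.4.17 10.1.0.6 22
1005 10.20.4.17 10.1.0.7 3389
1009 10.20.4.17 10.1.0.8 8080
1001 10.20.4.33 10.1.0.53 53
1030 10.20.4.33 10.1.0.80 443
2000 10.20.9.2 10.1.0.5 443
2300 10.20.9.2 10.1.0.6 443
2600 10.20.9.2 10.1.0.7 443
2900 10.20.9.2 10.1.0.8 443
"""

def parse_flows(text):
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # skip malformed records

def find_pivot_candidates(text):
    """Return {client: peak distinct internal targets per window} for clients at or over the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if src in WIFI_NET and dst in INTERNAL_NET and dst not in WIFI_NET:
            per_src[str(src)].append((ts, (str(dst), port)))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            best = max(best, len({target for _, target in events[start:end + 1]}))
        if best >= FANOUT_THRESHOLD:
            flagged[src] = best
    return flagged
```

On the constructed sample only 10.20.4.17 is flagged; the client that reaches the same number of servers over several minutes and the one talking to two services stay below the threshold.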
