DressCode Android Malware Capable of Stealing Data from Corporate Networks

DressCode Android malware is now packaged into more than 3,000 apps, many of which are available through the Google Play store according to Trend Micro. The malware is spreading fast and has been since April, although it was only discovered in August this year.

One of the main risks from infection with the malware is not the theft of data from the device itself, but from any networks to which the device connects. If a personal device infected with the malware is used to access a corporate network, the malware could potentially steal a wealth of data. Since 82% of companies have a BYOD policy or allow the use of personal devices to access corporate networks, many companies are likely to be at risk of an DressCode Android malware attack.

The malware has been discovered in over 400 apps available through the Google Play store and in thousands from non-official app stores. Since Trend Micro first discovered the malware more than a month ago, the number of infected apps has increased tenfold.

Part of the problem with DressCode Android malware is it only forms a very small part of the app, thus making it particularly difficult to detect. So far the malware has been found in a wide range of apps such as games, themes, skins, and phone boosters. Google has already taken action and has removed most of the infected apps from its store. However, some of the infected apps have been downloaded more than 100,000 times already. One app was reportedly downloaded 500,000 times.

A great many devices could already be infected. Trend Micro has already detected many infections in the United States, France, Israel and Ukraine.

Once installed, the compromised device acts like a tunnel through while the attackers can move. A SOCKS proxy is installed which allows the attackers to control the device and issue commands. The attackers can use the compromised device to bypass corporate security controls and explore the networks to which the device connects. The attackers can also use the device to steal corporate data virtually undetected.

In addition to attacking corporate networks, the device can be used to attack other devices plugged into the same home network. DressCode Android malware can also be used to build botnets capable of conducting DDoS attacks.

Mobile devices lacking any form of anti-malware software are particularly at risk, as are individuals who download apps from non-official app stores.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news