A dangerous Trojan is infecting over 400 Android apps. The malware, named DressCode, converts infected apps into proxy servers.
Cybersecurity firm Check Point has identified 40 malicious apps on the Play Store and over 400 apps on third-party application markets with the same infection. The malware is capable of creating a botnet through infected apps that can gain access to device controls.
Botnets are generally used for various phishing purposes and to distribute malware, ransomware, ads and even phishing links. The capabilities of a botnet depend on its size.
According to Check Point researchers, the botnet initiates communication with its control server upon installation of an infected app. The control server hibernates the malware and keeps it dormant until the attacker wants to initiate any activity. It also reroutes traffic through the malware by converting the device into a SOCKS proxy.
“Once installed on the device, DressCode initiates communication with its command and control server. Currently, after the initial connection is established, the C&C server orders the malware to ‘sleep’, to keep it dormant until there’s a use for the infected device,” Check Point researchers Alon Menczer and Alexander Lysunets wrote in a blog post.
As the DressCode malware is capable of accessing device hardware, it can route traffic through networks in the infected device's vicinity. This can be a big threat to the security of organisations.
Google has taken serious note of the DressCode malware and has already begun the process of removing infected apps from the Play Store. However, Check Point believes that between 500,000 and 2,000,000 users might be at risk. DressCode-infected apps were initially found back in April.