Over 40 apps on Google Play were infected by the DressCode malware. This malware, which affects Android-based smartphones, made its entry into Google Play in April 2016. The malware was discovered by experts at the Israel-based cybersecurity firm Check Point. According to Check Point, it identified at least 40 apps on Google Play infected with DressCode and around 400 similar apps distributed via third-party sources.
Digging deeper into the issue, Google Play statistics revealed that DressCode apps have already infected between half a million and 2 million users. Amazing as it might seem, one of the most successful apps has downloads ranging from 100,000 to 500,000.
Technically, the malware hijacks infected devices and connects them to a botnet. It acts like a beacon that continuously communicates with the remote server, the command-and-control (C&C) server of the botnet. The attacker then sends commands to the malware from the C&C server to execute any malicious action. In addition, a SOCKS proxy is set up on the infected device, which enables the malware to communicate with the C&C server even through firewalled networks, thus making even corporate networks vulnerable.
However, this is considered a worst-case scenario, in which the attacker scans the corporate network and steals sensitive information. Most likely, the major purpose behind DressCode is to deliver ads and perform click fraud for financial gain. This is somewhat similar to a previously known malware, Viking Horde, which was also discovered by Check Point.
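The beaconing and the worst-case internal scanning described above leave a recognisable pattern in network flow logs. The following is an added example, not code from Check Point or the original article: a generic heuristic that flags internal devices that contact one external host at regular intervals and also reach many internal hosts. The thresholds, function names and sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# RFC 1918 ranges treated as "internal" (assumption; adjust to your network)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def beaconing_pairs(flows, min_events=6, max_cv=0.1):
    """Return {(src, dst): mean_gap} for internal->external pairs whose
    connection times are nearly periodic (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, src, dst, _port in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[pair] = avg
    return hits

def pivot_suspects(flows, min_internal_peers=5, **kw):
    """Beaconing devices that also talk to many distinct internal hosts."""
    beaconers = {src for src, _dst in beaconing_pairs(flows, **kw)}
    peers = defaultdict(set)
    for _ts, src, dst, _port in flows:
        if src in beaconers and is_internal(dst):
            peers[src].add(dst)
    return {s: len(p) for s, p in peers.items() if len(p) >= min_internal_peers}

# Constructed sample flows: (unix_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # phone checks in roughly every 60 s with one external host
    [(1000 + 60 * i + (i % 2), "10.0.5.23", "203.0.113.10", 443) for i in range(10)]
    # the same phone then touches eight internal hosts
    + [(1300 + i, "10.0.5.23", f"10.0.1.{i}", 445) for i in range(1, 9)]
    # ordinary laptop: irregular traffic to an external site
    + [(t, "10.0.5.40", "198.51.100.7", 443)
       for t in (1000, 1007, 1090, 1400, 1410, 1900, 1905)]
)

if __name__ == "__main__":
    print(pivot_suspects(SAMPLE_FLOWS))
```

Periodic check-ins alone also match benign software such as update clients, so the internal fan-out condition is what narrows the result to devices worth investigating.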
As of now, Google has removed all the infected apps from Google Play at Check Point’s request. All Android-based smartphone users must update their phone antivirus software and strictly avoid downloading any app from unknown third-party sources. Click here to check out the list of infected apps. Remove them ASAP if you have installed them.