Malicious 'DressCode' Malware Now Spreading Across App Stores

Google Play offers a myriad of great apps, but some infected ones bypass the vetting process and end up infecting the mobile devices of Android users.

A recent wave of panic went through the Android community as it was revealed that more than 400 apps transformed infected phones into listening posts. What is more, the tampered phones are capable of siphoning sensitive data from protected networks and sharing it with malicious users.

In a blog post, security researchers from Trend Micro affirm that an app carrying the so-called DressCode malware was downloaded between 100,000 and 500,000 times prior to being removed from the Google-hosted marketplace.

Specifically, the app is dubbed Mod GTA 5 for Minecraft PE and it appears to be just another mobile game. However, the developers of the "game" embedded mischievous components in its code that allow the phone to connect with a server that is being controlled by the attacker.

Normally, when devices use a network, network address translation (NAT) protections keep them away from harm, but the malign server was crafted to bypass the shielding system.

Trend Micro explains that via the malware, threat actors get unauthorized access to a user's network ecosystem. This means that should an infected device log in to an enterprise network, the attacker can go around the NAT device and strike the internal server directly. Another way to make use of the infiltrated device is to use it "as a springboard" to siphon sensitive data.

This is not the first time in recent history that Google Play was reportedly breeding security liabilities. About three weeks ago, experts with security firm Check Point discovered 40 DressCode-infected apps in Google Play. At the time, Check Point reported that infected apps scored between 500,000 and 2 million downloads on the Android app platform.

According to Trend Micro, it is quite challenging to pinpoint which part of the app contains malicious functions.

Google did respond to the security researchers' blog post in an email to Ars Technica, noting that it is "aware of the issue." The company said that it focuses on resolving the security problem as soon as possible.

In 2012, Google rolled out Bouncer, a cloud-based security scanner that eliminates malicious apps from its Play Store. In the four years that passed, researchers who are keeping an eye on Google Play Store detected and reported on thousands of apps that come packed with malware and other security exploits.

This makes one wonder if Bouncer is maybe in need of an update.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.