A new Android malware family called DressCode can be used as a proxy to relay attacks inside corporate networks and steal information from servers previously considered secure.
DressCode infected at least half a million Android devices
DressCode transforms infected devices into proxy servers
DressCode Distribution Methods
The DressCode Android malware is distributed mainly through infected Google Play Store applications and third-party software repositories. Both sources put users who download untrusted applications at risk.
- Dangers of infected Google Play Store Apps – The Google Play Store, in comparison with other repositories, has a policy that encourages the distribution of applications. While Google employs a variety of security features that scan apps for malware and other types of cyber threats, these still rely on definitions and heuristic scans that may not detect all types of issues. Google Play is noteworthy for hosting a variety of “copy” applications that mimic famous programs in both appearance and functionality but are not developed by the company they pretend to be from. As a result, malware can spread to the victim's device if the user interacts with a malicious link or feature of the counterfeit program.
- Third Party Stores – Users often turn to third-party repositories to expand the traditional catalog of available apps. Most of these stores do not employ strong security checks (or any at all) and are a popular place for hosting illegal content and malware.
Known DressCode Infected Apps
Check Point experts have provided a list of some of the most popular applications infected with the DressCode malware.