DressCode first came to researchers' attention in April 2016 but became widely known in September 2016. At that time, experts at Check Point found the malware in more than 40 applications in the official Google Play catalogue and reported that more than 400 applications in third-party app stores were infected in total.
Let me remind you that DressCode has functionality more commonly found in ordinary trojans targeting desktop machines. Once the victim has downloaded and installed a malicious application, a SOCKS proxy is set up on the device. Researchers believe the infected bots are mainly used for ad click fraud, generating fake traffic that brings their operators financial gain.
However, analysts at Check Point warned that such a botnet could be used for other purposes, including penetrating corporate networks. Since the malware turns the device into a SOCKS proxy through which the attackers route traffic, they can use this function to reach the device's “home” network, including a protected network belonging to an organization.
Now Trend Micro analysts have presented their own research on DressCode. The researchers write that the number of applications infected with DressCode continues to grow. The malware hides in games, skins, themes, device-optimization apps and so on.
“Although the methods of infection that DressCode uses are not unique, it is very noticeable that many applications have managed to penetrate the official Google Play catalog,” Trend Micro experts say.
Indeed, Trend Micro’s data looks much more depressing. Experts found the malware in 3000 applications, more than 400 of which are hosted on the official Google Play. Some of them have been downloaded 100 000 – 500 000 times. Trend Micro experts also note that DressCode poses a great danger to the internal networks of various companies:
“If an infected device is connected to a corporate network, an attacker can bypass NAT devices and attack an internal server, or download sensitive data using an infected device as a springboard. As the “Bring Your Own Device (BYOD)” programs are becoming more popular, more companies are exposing themselves to risks because their employees are not careful with mobile devices.”