DressCode violation: New Android malware discovered on Google Play

by Alon Menczer and Alexander Lysunets, Check Point Research Team New malware found on the android platform Google Play has been dubbed ‘DressCode’ and has been found to...

by Alon Menczer and Alexander Lysunets, Check Point Research Team

New malware found on the android platform Google Play has been dubbed ‘DressCode’ and has been found to have been embedded in more than 40 separate apps. In addition, a further 400 apps are also known to have been affected across other third party stores.

Discovered by the Check Point mobile security research team, DressCode remains dormant on a user’s device until such time as the author decides to activate it. In the same way that this year’s earlier malware, Viking Horde, operated, DressCode creates a botnet which can divert traffic and clicks to a target site of the attackers choosing. The benefit to the attacker is an increased revenue by creating false traffic to a host site.

It works by using proxied IP addresses and disguising ad clicks from the user and is a common way in which malware is used to create a fake audience to generate money. In some ways, the malware’s prime function is not a major nuisance to the user as it does no direct harm. There is some common misconception that DressCode is therefore entirely harmless.

However, if communications are routed through your device under someone else’s control then it is feasible that any internal network that the user is connected to is also at risk of infiltration. Whilst the initial fraudsters who authored DressCode may not be interested in attacking internal networks, there are certainly plenty of cyber criminals who would take advantage of this widespread vulnerability.
And it is already widespread.

The oldest app found on Google Play was uploaded in April 2016 and remained undetected until the autumn. It is estimated that up to 2 million users have downloaded an infected app from Google Play with figures for third party app stores undetermined. The scale is pretty huge and the possible implications severe.

Check Point has already demonstrated the ease with which the malware can be used to infiltrate an internal network and access sensitive files.

The risk of malware on mobile apps remains a permanent risk. A risk that can be reduced and/or mitigated by vigilance and robust security measures. Don’t risk a dress code violation.

In this article

Join the Conversation