Over 400 instances of Dresscode malware found on Google Play store, say researchers

Spyware disguised as hundreds of legitimate Android apps.
Written by Danny Palmer, Senior Writer

Unwitting victims may have given Dresscode access to their enterprise networks...

Image: iStock

More than 400 apps available via the official Google Play Store contain the Dresscode Trojan malware, according to researchers.

The Dresscode malware first appeared in April: once downloaded by an unwary user, Dresscode can be used by those controlling it to conduct cyberespionage, download sensitive data, or recruit other devices on the network into a botnet.

Cybersecurity researchers at Trend Micro have warned that over 400 instances of Dresscode malware are available for download from the Google Play store where, using a similar technique to the Viking Horde malware, it masquerades as a legitimate application to trick the user into downloading it.

Dresscode apps disguised as games, skins, themes, and phone optimization boosters have all been spotted in the store: the Trojan is only a small part of the app, making it much harder to spot.

According to Google Play's own download statistics, one particular malicious app -- a Grand Theft Auto related modification for Minecraft -- has been installed between 100,000 and 500,000 times, meaning this app alone could've infected almost a half a million users with Dresscode. It's just one of hundreds on the Google Play store and at least 3,000 more instances available to download via other Android app markets.

Once a malicious app carrying Dresscode is installed, it will communicate with a command and control server which is able to issue commands, including the instruction to infiltrate the network the infected device is connected to, an act which can put a whole enterprise network at risk.

The rise of bring-your-own-device and employees connecting their smartphones to enterprise networks means those behind Dresscode have an ever-growing inventory of potential targets.

While the malware isn't targeted at a specific individual like a sophisticated phishing scheme, the sheer number of infected apps downloaded means cybercriminals are likely to locate a wide variety of lucrative targets to potentially steal data from.

In addition to enabling the theft of data, devices infected with Dresscode can end up part of a botnet for the use of distributed denial-of-service (DDoS) attacks or spam email campaigns. The botnet is also capable of using proxied IP addresses generated by the malware to create fake traffic for ad clicks to generate money for the attackers -- a tactic which could cost the victim money.

Researchers also warn that Dresscode is also a threat to home networks, especially if the infected device is able to connect to a home router with an easily crackable password. Attackers could gain control of every device in the home this way.

Ultimately, the one way users can avoid becoming infected with Dresscode is to be mindful of what they're downloading - especially if it's not from an official Android app outlet. A little research into the reviews could be all it takes to determine whether an app is malicious or not.

When asked for comment on the situation, a Google spokesperson told ZDNet "We're aware of the issue and we've taken the necessary actions."

Read more on cybercrime

Editorial standards