Android is Under Threat! 3000 Apps Are Infected With DressCode Malware!

A new mobile malware has been discovered by security researchers of popular security firm Trend Micro. The name of this new malware is DressCode and a number of android apps have been infected by this malware. The infected apps are available on Google Play and third party play stores. At initial point, the number of infected apps was 400. From these apps, more than 40 apps are available on Google Play Store and rest of the apps belongs to third party app stores. Story isn’t over yet, the actual number of DressCode infected application is 3000. These applications belongs to famous android app vendors.

The most shocking fact is, “Hackers are spreading this Malware since April 2016”.

Which Android Apps are infected?

According to security researchers of Trend Micro, applications of various categories have been infected by DressCode malware. Various Gaming Apps, Mobile Themes, Device boosters and skin apps are on top in the list of infected apps. It is very hard to detect this malware, because the malicious code of this malware had been written by its authors for a small part of every application.

How DressCode Malware Works?

It is a hard coded malware. When victim installs the infected application in device, DressCode malware makes the connection with command and control servers by sending a specially crafted request packet. After that, infected device works as a proxy between the hackers and the internal servers of infected device. Hackers communicate with the infected device through a TCP (Transmission Control Protocol) socket. A remote command is available in the source code of Malware, which creates this TCP socket. Through this socket, DressCode sends a “HELLO” string to Command and Control servers. This “HELLO” string defines that registration of the device on remote servers has been completed. Hackers are using SOCKS protocol to send remote commands toward the infected device.

Benefits For Hackers

In simple words, “Hackers are using this malware to infect android devices. With the help of infected devices, hackers are taking control of internal servers, which are located behind a router in Local Area Network (LAN).” It is possible because, the infected device is creating two TCP Tunnels. First one with CC servers and second one with hackers. Device is getting remote commands from hackers and sending these commands to other servers, which are located behind the router in same LAN. Infected device is just a medium to reach the internal servers.

Also read:

Security Tips for Android phone users!

41 percent mobile phones are at high risk!

Data of Android Users is Under Threat, Just Because Of Qualcomm Software!

Beware Android Users! Hackers could use “SpyNote” named Trojan to Record Your Calls!

Why DressCode Malware is Harmful?

Hackers are using the infected device as a proxy. They can expose the information of both the device owner and the internal servers.

Hackers can hijack the internal servers of that network, which has been used by the infected device. If victim is using the infected device by connecting it with the servers of an organization, hackers can infiltrate the whole network which could cause major problems.

Hackers can bypass NAT to damage the servers. They can also dump the whole database by using the infected device as a springboard.

Hackers are installing SOCKS proxy in infected device, which can allow hackers to use the device as a botnet to perform DDoS attack and spam campaigns.