Here at Komando.com, we constantly remind you about the dangers of downloading and installing apps from unofficial sources. Since side-loaded apps from unknown locations are not checked nor verified against the guidelines imposed by the official Google Play or Apple app stores, this practice increases the risk of having your phone or tablet infiltrated by malware or fake phishing apps.
By putting our trust in the verification process of these official app stores, we rely on the judgment of their respective curators and gatekeepers to keep us safe from potential harm brought about by apps with malicious intent.
But what if apps secretly embedded with malware could slip by these checks and pass the review process required by these app stores?
This is exactly what security researchers from Check Point found in more than 40 Android apps in the Google Play app store. The malware called "DressCode" is reported to be infecting apps ranging from mobile games to user guides. An additional 400 applications from third-party app stores were also found to be infected with this strain of malware.
The oldest apps that have been detected to be embedded with the malware were introduced to the Google Play app store on April 2014. A reported 500,000 to 2 million users have downloaded the DressCode infected apps from Google Play.
Check Point revealed that the DressCode malware turns infected Android smartphones and tablets into botnets that relay communication through a proxy server. A botnet is a device secretly controlled by a hacker to perform a variety of tasks, such as denial-of-service attacks, message spamming, or in DressCode's case, generating false ad clicks for profit.
Once installed on a device, DressCode initializes itself by contacting its command and control server. It is then ordered to lay dormant until the malware's masters activate it, turning the device into a proxy server for rerouting ad traffic.
For now, profit from false ad clicks appears to be the sole purpose of the DressCode malware but Check Point warns that botnet attacks like this can be used for even more nefarious deeds such as infiltrating networks. "Since the malware allows the attacker to route communications through the victim’s device, the attacker can access any internal network to which the device belongs. This can compromise security for enterprises and organizations," wrote Check Point's research team in their blog post.
Check Point already notified Google about these infected apps and most have already been removed from the Google Play app store.
Here is a list of the DressCode infected packages as provided by Check Point:
If you have downloaded any of these apps in the past and you still have them installed on your Android phone or tablet, please uninstall and delete them immediately. We don't know the extent of control DressCode has on a compromised device but this is the first step that we recommended.
To read more about Check Point's report about DressCode, please visit their official blog post.