By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    A Malware Classification -Kaspersky Daily
    8 months ago
    Superfish: adware preinstalled on Lenovo laptops
    8 months ago
    Russian-speaking cyber spies from Turla APT group exploit satellites
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    5 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    5 days ago
    Safeguards against firmware signed with stolen MSI keys
    7 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    7 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro released and the 128 GB version already sold out at the online Microsoft Store [Updated]
    8 months ago
    Windows 11 build 22622.590 (KB5017846) outs in the Beta Channel
    8 months ago
    How to protect computer from virus and hackers on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Nine years of Project Galileo and how the last year has changed it
    Nine years of Project Galileo and how the last year has changed it
    17 hours ago
    Dynamic data collection with Zaraz Worker Variables
    Dynamic data collection with Zaraz Worker Variables
    4 days ago
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    5 days ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    5 days ago
    What is two-factor authentication | Kaspersky official blog
    1 week ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Easter egg “I am a teapot” on Google
    8 months ago
    How to block ads with Adguard DNS in Android
    8 months ago
    How to reduce video quality in Chrome?
    8 months ago
    Latest News
    How to generate SSH keys on Windows 11
    7 hours ago
    How to enable file sharing on WSA for Windows 11
    7 hours ago
    How to add CPU, GPU, RAM widgets on Windows 11
    4 days ago
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: DressCode Android Trojan in official Google Play store
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

DressCode Android Trojan in official Google Play store

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
5 Min Read

We often advise Android users to download apps from official app stores only. It is much more secure to search for apps on Google Play because all apps in the store go through rigorous multistep checks and approvals before being finally published.

Contents
What does DressCode do?How do I avoid becoming a part of a botnet?

However, rogue apps have infiltrated Google Play at times. In a recent, massive incident, more than 400 apps on Google Play (and nearly 3,000 in other app stores) turned out to be plagued with the DressCode Trojan.

The malware got its funny name from its first-ever sighting: The Trojan was first detected by researchers back in August 2016, in a number of dress-up apps, a type of gaming app marketed for girls.

One of these games was downloaded 100,000 to 500,000 times from Google Play. Also, other apps were found to be infected by the same Trojan. By then, more than 400 infected apps had been found, about 40 of them on Google Play. The researchers tipped off Google, and the company deleted the rogue apps from the store. But that was just the tip of the iceberg…

By that time another group of researchers had become interested in the Trojan, and they decided to dig deeper and search around various app stores. And just a couple of days ago, the team found about 3,000 apps infected by DressCode at once; more than 400 of them on Google Play.

Most of the affected apps are games or gaming-related apps — for example, apps with tips for gamers and game modifications. Among the malicious apps were a number of performance boosters, optimizers, and other pseudo-useful utilities.

#Parents #Malware #alert #Guide for #PokémonGo Trojan catches Pokémon trainers https://t.co/jtRwuosAOB pic.twitter.com/024MUZV8kd

— Kaspersky Lab (@kaspersky) September 14, 2016

The biggest issue with DressCode is that it is hard to detect. The Trojan’s code is very small compared with the code of its “bearer” program. That’s probably why so many infected apps got through Google’s approval process and into Google Play.

What does DressCode do?

In general, DressCode’s sole purpose is to establish connection to a command-and-control server. Usually, once the connection is established, the server sends a command to the Trojan, putting it to sleep and thus making instant detection almost impossible. Once an adversary decides to use the infected device, they can wake up the Trojan, make it turn a smartphone or a tablet into a proxy server, and use it to redirect Internet traffic.

How do cybercrooks benefit from it?

First, infected devices can be used as a part of a botnet to tunnel requests to certain IP addresses. This method lets criminals boost traffic, generate clicks on banners and paid URLs, and organize DDoS attacks to take down target websites.

Second, if an infected device (say, a corporate smartphone) can access some local network resources, attackers gain access to those as well and can use the device to steal sensitive data.

How do I avoid becoming a part of a botnet?

This is the very rare case when our usual advice — download apps from official stores only — isn’t enough. True, Google Play enjoys a far lower prevalence of malicious apps compared with other Android stores, but 400 infected apps all at once is quite a lot. Besides, they include massive hits such as Minecraft “GTA 5” mode (yes, it really exists), which was downloaded more than 500,000 times.

So we’ll shorten the usual list of recommendations to only two things:

1. Be very cautious when downloading apps. Before installing an unknown app, check user reviews critically, look at its permissions list, and give it some thought. Unfortunately, you cannot trust all Google Play reviews, but at least they can give you some idea of how reliable an app might be.

Don’t trust the reviews and ratings on #GooglePlay https://t.co/3RHVVSkxOj #mobile #apps pic.twitter.com/z2pg7hqg2P

— Kaspersky Lab (@kaspersky) September 1, 2016

2. Install a good security solution on your mobile devices. Kaspersky Antivirus & Security for Android detects DressCode as HEUR:Backdoor.AndroidOS.Sobot.a. If you run a paid version of our protection suite, it automatically scans all new apps and will block any utility laced with DressCode from your device. If you installed a free version, don’t forget to scan your device regularly.


Source: kaspersky.com

Translate this article

TAGGED: Google Play, Malware, Proxy server, Security, Threats, Trojan
Vitus White October 13, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to generate SSH keys on Windows 11
News 10 hours ago
How to enable file sharing on WSA for Windows 11
News 10 hours ago
Nine years of Project Galileo and how the last year has changed it
Nine years of Project Galileo and how the last year has changed it
Apps 17 hours ago
Dynamic data collection with Zaraz Worker Variables
Dynamic data collection with Zaraz Worker Variables
Apps 4 days ago
How to add CPU, GPU, RAM widgets on Windows 11
News 5 days ago

Recent Posts

  • How to generate SSH keys on Windows 11
  • How to enable file sharing on WSA for Windows 11
  • Nine years of Project Galileo and how the last year has changed it
  • Dynamic data collection with Zaraz Worker Variables
  • How to add CPU, GPU, RAM widgets on Windows 11

You Might Also Like

News

How to generate SSH keys on Windows 11

10 hours ago
Nine years of Project Galileo and how the last year has changed it
Apps

Nine years of Project Galileo and how the last year has changed it

17 hours ago
Dynamic data collection with Zaraz Worker Variables
Apps

Dynamic data collection with Zaraz Worker Variables

4 days ago
Cloudflare is deprecating Railgun
Apps

Cloudflare is deprecating Railgun

5 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Previous Next
Hot News
How to generate SSH keys on Windows 11
How to enable file sharing on WSA for Windows 11
Nine years of Project Galileo and how the last year has changed it
Dynamic data collection with Zaraz Worker Variables
How to add CPU, GPU, RAM widgets on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?