Forty applications in the Google Play store contain a new family of malware, dubbed DressCode. The malicious applications could be used to infect corporate BYOD mobile devices and access internal network or corporate web servers, according to Check Point researchers.
The malware family is named “DressCode,” after one of the popular malicious applications, a game called “Dress up Musa Winx.” Other malicious apps found on Google Play included “Dress up princess Apple White,” “Forsaken House,” and "Dark Goddess.” Another 400 applications embedded with the malware strain were discovered on third-party app stores.
Check Point mobile security evangelist Jeff Zacuto told SCMagazine.com that enterprises “rely on the protections that Google uses to keep end users personal information safe” but he said many enterprises are “slow to realize that securing mobile endpoint(s) is critical” due to the vulnerable nature of Android devices.
An attacker could exploit infected mobile devices by establishing communication with the device and sending the device a command to retrieve internal files from internal networks if the infected device has access to an internal corporate network.
In a Wednesday blog post, Check Point researchers Alon Menczer and Alexander Lysunets wrote that Google has removed some of the malicious apps from Google Play. The oldest apps containing the DressCode malware family were uploaded into the Google Play store in April. Between 500,000 and 2,000,000 users downloaded the apps from Google Play.
The malware strain uses proxied IP addresses to create smartphone-enabled botnets, a method that is similar to the attack employed by the Viking Horde malware discovered by Check Point in May. “The ability to turn these devices in zombies is the scary aspect,” Zacuto told SCMagazine.com. “It's kind of like sleeper cells.”
The attack method goes beyond targeted attacks and enables “targeted attacks with laser precision,” he added.