The experts of the company Check Point have discovered a new type of malicious Android applications. The Trojan, called DressCode, makes the smartphone part of a botnet that steals data from protected servers and to carry out attacks on the services in the Network.
As reported by Securitylab, malware is distributed as part of Android apps in Google Play. Specialists found more than 40 such applications in the official Google and more than 400 similar programs in third party app stores. A full list of applications published in the blog Check Point.
Trojan is able to take control of infected Android smartphone and connect it to the botnet. In fact, the “malware” acts as a lighthouse, constantly communicating with the command server of the hackers. As soon as the operator of the botnet decides which malicious actions to be performed, it sends the appropriate code for the desired device.
Once on the device, DressCode communicates with the managing server. After the connection is established, the C&C server Trojan translates into “sleep” mode until then, until you need to use the infected device. When activated, the malware infected the gadget turns into a SOCKS proxy that can be used to redirect traffic.
Thus the attacker can gain access even to the protected firewall networks. Sending a malicious command on the affected mobile device, an attacker can force it to scan the network for useful information.
Attackers are actively using a botnet to distribute spam ads and fake clicks in order to make personal gain. According to statistics from Google Play, containing DressCode apps have been downloaded between 500,000 and 2 million times.
