Brand new malware discovered in Android apps on the Google Play store

Published Sep 2nd, 2016 7:00PM EDT
BGR

Some people dismiss the threat that malware poses in the Android world, but the problem is still real. Individuals with malicious intent will always target the most popular operating systems, and Android is one of them. A new report details a troubling new malware strain that has been found in the wild, and this time around it wasn’t discovered just in shady third-party app stores. It was also found in apps approved in the Google Play store in spite of Google’s various protections.

Researchers from Check Point discovered malware they’re calling DressCode in 40 Google Play store apps and more than 400 apps listed in third-party app stores.

The company says that the oldest DressCode-infected apps in the Google Play store date back to April 2016, with some of them reaching anywhere from 100,000 to 500,000 downloads. According to the researchers, anywhere from 500,000 to 2,000,000 users might be at risk after downloading the apps.

DressCode apps were used to build a botnet that carried out various actions on devices without users’ knowledge or consent, including generating ad clicks and false traffic to some websites.

“Once installed on the device, DressCode initiates communication with its command and control server,” the researchers wrote. “Currently, after the initial connection is established, the C&C server orders the malware to ‘sleep,’ to keep it dormant until there’s a use for the infected device. When the attacker wants to activate the malware, he can turn the device into a socks proxy, rerouting traffic through it.”

The malware could be even more dangerous than that. “Since the malware allows the attacker to route communications through the victim’s device, the attacker can access any internal network to which the device belongs. This can compromise security for enterprises and organizations,” Check Point added.

Google has removed the affected apps, but Check Point has a full list of apps that were infected on this page, so be sure to check it out and ensure that you weren’t exposed.

Chris Smith Senior Writer
