Sep 12th, 2016

When most malware scares break out, Google has already been notified and added the necessary checks to Google Play’s automatic gatekeeper to ensure apps with the malware are denied entry. Unfortunately, not all malware is accounted for, and sometimes a few apps get through with some nasty code.

The latest such malware is being called DressCode which has been found in 40 apps available through Google Play (and over 400 apps if we’re talking about third-party sources). Check Point, the research firm who alerted Google about the malware, talks about it here:

Similar to Viking Horde, DressCode creates a botnet that uses proxied IP addresses, which Check Point researchers suspect were used to disguise ad clicks and generate false traffic, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots can be used for various reasons based on the distributed computing capabilities of all the devices. The larger the botnet, the greater its capabilities.

Once installed on the device, DressCode initiates communication with its command and control server. Currently, after the initial connection is established, the C&C server orders the malware to “sleep,” to keep it dormant until there’s a use for the infected device. When the attacker wants to activate the malware, he can turn the device into a socks proxy, rerouting traffic through it.

Google has already removed several of the affected apps from Google Play, and we’d be surprised if we went much longer without all of them eventually being zapped. Check ahead for the full list of package names to ensure none of them are on your device.

  1. com.dark.kazy.goddess.lp
  2. com.whispering.kazy.spirits.pih
  3. com.shelter.kazy.ghost.jkv
  5. com.dress.up.Musa.Winx.Stella.Tecna.Bloom.Flora
  6. com.dress.up.princess.Apple.White.Raven.Queen.Ashlynn.Ella.Ever.After.High
  8. com.dress.up.Cerise.Hood.Raven.Queen.Apple.White.Ever.After.Monster.High
  10. com.cute.dressup.anime.waitress
  11. com.rapunzel.naughty.or.nice
  12. guide.slither.skins
  14. guide.lenses.snapchat
  15. com.minecraft.skins.superhero
  16. com.catalogstalkerskinforminecraft_.ncyc
  17. com.applike.robotsskinsforminecraft
  18. com.temalebedew.modgtavformcpe
  19. com.manasoft.skinsforminecraftunique
  20. com.romanseverny.militaryskinsforminecraft
  21. com.temalebedew.animalskinsforminecraft
  22. com.temalebedew.skinsoncartoonsforminecraft
  23. com.str.carmodsforminecraft
  24. com.hairstyles.stepbystep.yyhb
  25. com.str.mapsfnafforminecraft
  26. com.weave.braids.steps.txkw
  27. mech.mod.mcpe
  28. com.applike.animeskinsforminecraftjcxw
  29. com.str.furnituremodforminecraft
  32. com.vladgamerapp.skins.for_.minecraft.girls
  33. com.zaharzorkin.cleomodsforgtasailht
  34. com.temalebedew.ponyskins
  36. com.gta.mod.minecraft.raccoon
  37. com.applike.hotskinsforminecraft
  38. com.applike.serversforminecraftpe
  39. com.zaharzorkin.pistonsmod
local_offer    Android Security   Malware