When most malware scares break out, Google has already been notified and has added the necessary checks to Google Play’s automatic gatekeeper to ensure apps carrying the malware are denied entry. Unfortunately, not all malware is accounted for, and sometimes a few apps get through with some nasty code.
The latest such malware is being called DressCode, and it has been found in 40 apps available through Google Play (and over 400 apps if we’re talking about third-party sources). Check Point, the research firm that alerted Google about the malware, talks about it here:
Similar to Viking Horde, DressCode creates a botnet that uses proxied IP addresses, which Check Point researchers suspect were used to disguise ad clicks and generate false traffic, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots can be used for various reasons based on the distributed computing capabilities of all the devices. The larger the botnet, the greater its capabilities.
Once installed on the device, DressCode initiates communication with its command and control server. Currently, after the initial connection is established, the C&C server orders the malware to “sleep,” to keep it dormant until there’s a use for the infected device. When the attacker wants to activate the malware, he can turn the device into a socks proxy, rerouting traffic through it.
Google has already removed several of the affected apps from Google Play, and we’d be surprised if it took much longer for the rest of them to be zapped. Check ahead for the full list of package names to ensure none of them are on your device.