Trojanised apps in legitimate app stores – new DressCode threat

The common belief is that it is safe to download from official app stores like Google Play or the Apple App Store. Sadly, that is no longer the case, as both have recently been compromised.

Trend Micro has found more than 400 “Trojanised apps” in Google Play and more than 3,000 in third-party app stores. This article is specifically about Android devices.

TrendLabs says that mobile threats have grown rapidly in just a few months. Its Mobile App Reputation Service (MARS) recorded 16.6 million mobile malware detections to August 2016, a 40% jump from January.

Essentially these are legitimate apps, including games, skins, themes, cheats and utilities, that have been weaponised to carry a payload: adware, malware, spyware, or code that enrols the device in a botnet. Because the code has only been altered to incorporate a payload, the apps still work as advertised. One example is the app called Mod GTA 5 for Minecraft PE, which has been downloaded at least half a million times.

New corporate threat

A new threat, which Trend Micro calls DressCode, is particularly concerning because it gives attackers an avenue into internal networks, a notable risk if the infected device connects to company networks.

DressCode installs on a BYOD mobile device and lies dormant until it senses a connection to a network. It then contacts the command and control (C&C) server for instructions. Once it receives a “Create, <Attacker IP>” command, a TCP connection is established between the device and the attacker, allowing the attacker to send commands via the SOCKS protocol. The device is then turned into a proxy server — best described as a tunnel that bypasses the NAT firewall — through which the attacker can reach the network and the other devices on it.
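The behaviour just described has a network-visible fingerprint that a defender can look for: the device itself opens an outbound TCP connection to an external host, and the remote end then starts speaking SOCKS to the device, which is the reverse of how a SOCKS proxy is normally used. The following Python is an added detection example written for this article; it is not Trend Micro's code and not taken from the malware. It runs over a handful of constructed flow records, and the BYOD subnet, the internal address ranges and the assumption that the article's "SOCKS protocol" may be either SOCKS4 or SOCKS5 are all assumptions made for the example.

```python
"""
Heuristic detector for the reverse-SOCKS pattern described in the article.

Each Flow record is constructed for this example (not real traffic). 'src' is
the device that opened the TCP connection and 'first_server_payload' holds the
first bytes sent back by the remote peer. A device that has been turned into
a proxy receives SOCKS client greetings from the remote peer over a connection
the device itself opened, so those first server-sent bytes look like a SOCKS
handshake instead of a normal server response.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: corporate BYOD Wi-Fi segment and internal ranges (constructed).
BYOD_SUBNET = ip_network("10.20.0.0/16")
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


@dataclass
class Flow:
    src: str                     # device that opened the TCP connection
    dst: str                     # remote peer
    dst_port: int
    first_server_payload: bytes  # first bytes sent by the remote peer


def looks_like_socks_greeting(data: bytes) -> bool:
    """True if the bytes look like a SOCKS4 or SOCKS5 *client* greeting."""
    if len(data) < 2:
        return False
    if data[0] == 0x05:
        # SOCKS5 greeting: VER=5, NMETHODS, then NMETHODS method bytes
        nmethods = data[1]
        return nmethods >= 1 and len(data) >= 2 + nmethods
    if data[0] == 0x04 and data[1] in (0x01, 0x02):
        # SOCKS4/4a request: VN=4, CD=1 (CONNECT) or 2 (BIND), DSTPORT, DSTIP, ...
        return len(data) >= 8
    return False


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_reverse_socks(flow: Flow) -> bool:
    """Flag flows where a BYOD device opened a connection to an external
    host and the remote side then began a SOCKS handshake with the device."""
    if ip_address(flow.src) not in BYOD_SUBNET:
        return False          # rule is scoped to the BYOD segment
    if is_internal(flow.dst):
        return False          # internal proxies are someone else's problem
    return looks_like_socks_greeting(flow.first_server_payload)


def find_reverse_socks(flows):
    """Return the flows that match the reverse-SOCKS heuristic."""
    return [f for f in flows if is_reverse_socks(f)]


# Constructed sample flows (documentation-range addresses, not real hosts).
SAMPLE_FLOWS = [
    # ordinary TLS session: server answers with a TLS record (0x16 0x03 ...)
    Flow("10.20.4.17", "203.0.113.10", 443, bytes.fromhex("160303004a02")),
    # SOCKS5 greeting arriving FROM the remote peer: reverse-proxy pattern
    Flow("10.20.4.17", "198.51.100.23", 4444, bytes.fromhex("050100")),
    # SOCKS4 CONNECT request arriving FROM the remote peer
    Flow("10.20.9.2", "198.51.100.23", 8080, bytes.fromhex("04010050c000020100")),
    # same bytes, but from a server segment outside the BYOD rule's scope
    Flow("192.168.50.5", "198.51.100.23", 4444, bytes.fromhex("050100")),
]

if __name__ == "__main__":
    for f in find_reverse_socks(SAMPLE_FLOWS):
        print(f"ALERT reverse SOCKS: {f.src} -> {f.dst}:{f.dst_port}")
```

In practice the payload bytes would come from a network sensor or proxy log that records the first bytes of each direction; the point of the heuristic is the direction, since a legitimate SOCKS client on the device would send the greeting, not receive it.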

Through this general-purpose tunnel the attacker can control the device and issue commands: turn other connected devices into bots and build a botnet, launch distributed denial-of-service (DDoS) attacks, or send spam email campaigns. The botnet can also use the proxied IP addresses generated by the malware to create fake traffic, disguise ad clicks, and generate revenue for the attackers.

According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions.

Trend Micro says the cure is to use mobile device management (MDM) software to secure the handset and an encrypted VPN for all company communications. Corporate users should avoid rooting, jailbreaking and using third-party app stores.

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer-IT radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!