Trojanised apps in legitimate app stores – new DressCode threat

The common belief is that it is safe to download from official app stores like Google Play or the Apple App Store. Sadly, that is no longer the case: both have been compromised of late.

Trend Micro has found more than 400 “Trojanised apps” in Google Play and more than 3,000 in third-party app stores. This article is specifically about Android devices.

TrendLabs says that mobile threats have grown rapidly in a matter of months. Its Mobile App Reputation Service (MARS) recorded 16.6 million mobile malware detections to August 2016, a 40% jump from January.

Essentially these are legitimate apps, including games, skins, themes, cheats or utilities, that have been weaponised to carry a payload – adware, malware, spyware, or even code that enrols the device in a botnet. Because the code has only been altered to incorporate a payload, the apps still work as advertised. One example is the app called Mod GTA 5 for Minecraft PE, which has been downloaded at least half a million times.

New corporate threat

A new threat, named DressCode by Trend Micro, is particularly concerning because it gives attackers an avenue into internal networks – a notable risk when the infected device connects to company networks.

DressCode installs on a BYOD mobile device and lies dormant until it senses a connection to a network. It then contacts the command and control (C&C) server for instructions. Once it receives a “Create, <Attacker IP>” command, a TCP connection is established between the device and the attacker, allowing the attacker to send commands via the SOCKS protocol. The device is then turned into a proxy server – best described as a tunnel that can bypass the NAT firewall – through which the attacker can reach the network and the other devices on it.

The general-purpose tunnel lets the attacker control and give commands to the device: turn other connected devices into bots and build a botnet, launch distributed denial-of-service (DDoS) attacks, or send spam email campaigns. The botnet can also use the proxied IP addresses generated by the malware to create fake traffic, disguise ad clicks, and generate revenue for the attackers.
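The behaviour described above leaves a footprint in ordinary connection logs: a phone on the BYOD Wi-Fi holds an outbound session open to an external address and, while it is open, starts initiating connections to internal hosts it would never normally touch. As an added illustration for this article (not Trend Micro's code or research), the Python below scores constructed flow records for exactly that pattern. The subnet ranges, the fan-out threshold, the CSV log format and all addresses are assumptions made for the example.

```python
"""Flag BYOD devices whose traffic fits the DressCode proxy pattern.

Added example for this article (not Trend Micro code). It looks for a
device in the BYOD range that keeps an outbound session to an external
address open and, during that session, connects to several internal
hosts: the footprint of a phone acting as a tunnel into the network.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed network layout for the example; adjust to your own addressing.
BYOD_NET = ip_network("10.20.0.0/16")          # hypothetical BYOD Wi-Fi range
INTERNAL_NETS = [ip_network("10.0.0.0/8")]     # hypothetical corporate ranges
FANOUT_THRESHOLD = 3   # distinct internal hosts reached during one tunnel session


@dataclass(frozen=True)
class Flow:
    ts: int        # start time, seconds since epoch (constructed)
    src: str       # initiating host
    dst: str       # responding host
    dport: int     # destination TCP port
    duration: int  # seconds the session stayed open


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the assumed corporate ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str) -> list:
    """Parse constructed CSV flow records of the form ts,src,dst,dport,duration."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, dur = line.strip().split(",")
        flows.append(Flow(int(ts), src, dst, int(dport), int(dur)))
    return flows


def find_proxy_suspects(flows: list) -> dict:
    """Return {byod_ip: {"external_peer": ip, "internal_hosts": [...]}}.

    A BYOD device is reported when, within the lifetime of one outbound
    session to a non-internal address, it initiates connections to at
    least FANOUT_THRESHOLD distinct internal hosts. Ordinary phone use
    (a few cloud services plus the mail server) stays below that bar.
    """
    by_src = defaultdict(list)
    for f in flows:
        if ip_address(f.src) in BYOD_NET:
            by_src[f.src].append(f)

    suspects = {}
    for src, device_flows in by_src.items():
        for ext in (f for f in device_flows if not is_internal(f.dst)):
            window_end = ext.ts + ext.duration
            reached = {
                f.dst for f in device_flows
                if is_internal(f.dst) and f.dst != src
                and ext.ts <= f.ts <= window_end
            }
            if len(reached) >= FANOUT_THRESHOLD:
                suspects[src] = {
                    "external_peer": ext.dst,
                    "internal_hosts": sorted(reached),
                }
                break  # one report per device is enough
    return suspects


# Constructed sample: one device fans out to four internal hosts while an
# external session is open; a second device only touches the mail server.
SAMPLE_LOG = """\
1000,10.20.5.17,203.0.113.44,443,600
1010,10.20.5.17,10.1.0.10,445,5
1020,10.20.5.17,10.1.0.11,445,5
1030,10.20.5.17,10.1.0.12,22,5
1040,10.20.5.17,10.1.0.13,3389,5
1000,10.20.5.18,203.0.113.9,443,30
1005,10.20.5.18,10.1.0.50,443,2
1100,10.1.0.10,10.1.0.11,445,5
"""

if __name__ == "__main__":
    for ip, detail in find_proxy_suspects(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: tunnel to {detail['external_peer']}, "
              f"reached {len(detail['internal_hosts'])} internal hosts")
```

The check is deliberately coarse: it does not try to recognise SOCKS on the wire, only the fan-out that a tunnelled attacker produces once the device is proxying. In practice the same logic would run over NetFlow or firewall session logs, and the threshold would be tuned against a baseline of what BYOD devices legitimately reach (mail, print, intranet web).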

According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions.

Trend Micro says the cure is to use mobile device management (MDM) software to secure the handset and an encrypted VPN for all company communications. Corporate users should avoid rooting or jailbreaking devices and using third-party app stores.

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!