Trojanised apps in legitimate app stores – new DressCode threat

It is commonly believed that downloading from an official app store such as Google Play or the Apple App Store is safe. Sadly, that is not the case: malicious apps have slipped past the review process of both stores of late.

Trend Micro has found more than 400 “Trojanised apps” in Google Play and more than 3,000 in third-party app stores. This article is specifically about Android devices.

TrendLabs says that mobile threats have grown rapidly in a matter of months. Its Mobile App Reputation Service (MARS) recorded 16.6 million mobile malware detections as of August 2016, a 40% jump from January.

Essentially these are legitimate apps, including games, skins, themes, cheats and utilities, that have been weaponised to carry a payload: adware, malware, spyware, or code that enrols the device in a botnet. Because the original code has only been altered to add the payload, the apps still work as advertised, so users have little reason to suspect them. One example is the app called Mod GTA 5 for Minecraft PE, which has been downloaded at least half a million times.

New corporate threat

A new threat family, named DressCode by Trend Micro, is particularly concerning because it gives attackers an avenue into internal networks, a notable risk when an infected device connects to a company network.

DressCode installs on a BYOD mobile device and lies dormant until it detects a network connection. It then contacts its command and control (C&C) server for instructions. Once it receives a “Create, <Attacker IP>” command, it opens a TCP connection to the attacker, over which the attacker sends commands using the SOCKS protocol. The infected device thereby becomes a SOCKS proxy server, in effect a tunnel: because the connection was initiated from inside the network, it passes through the NAT and firewall that would block an inbound connection, and the attacker can use it to reach the network and the other devices on it.
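A defender looking for this kind of pivot would want to recognise the proxy traffic itself. The following is an added example, not code from the article or from Trend Micro: a small Python inspector that parses the start of a TCP stream as a SOCKS5 session (RFC 1928; the article does not say which SOCKS version DressCode uses, so SOCKS5 is an assumption) and flags CONNECT requests aimed at private, loopback or link-local addresses, which is what a phone relaying an attacker into the office LAN would be asked to do. The byte strings are constructed for the demonstration. Because the infected device dials out and the attacker then speaks SOCKS back down that connection, the bytes to inspect on a real capture travel from the server side of the device's outbound connection, the opposite direction from a normal proxy client.

```python
"""Recognise a SOCKS5 CONNECT request (RFC 1928) at the start of a TCP
stream and flag ones aimed at internal hosts.

Added example for illustration; not the article's or Trend Micro's code.
The sample byte strings below are constructed, not captured traffic."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


@dataclass
class SocksConnect:
    host: str
    port: int


def parse_socks5_connect(stream: bytes) -> Optional[SocksConnect]:
    """Parse the client side of a SOCKS5 session as it appears in one
    direction of a TCP stream: greeting (VER, NMETHODS, METHODS...) followed
    by a request (VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT).  The server's
    method-selection reply flows the other way, so it is not in these bytes.
    Returns the requested destination, or None unless this is a CONNECT."""
    if len(stream) < 2 or stream[0] != SOCKS_VERSION:
        return None
    pos = 2 + stream[1]                      # skip the offered auth methods
    if len(stream) < pos + 4:
        return None
    ver, cmd, rsv, atyp = stream[pos:pos + 4]
    if ver != SOCKS_VERSION or rsv != 0x00 or cmd != CMD_CONNECT:
        return None
    pos += 4
    if atyp == ATYP_IPV4:
        if len(stream) < pos + 4 + 2:
            return None
        host = str(ipaddress.IPv4Address(stream[pos:pos + 4]))
        pos += 4
    elif atyp == ATYP_IPV6:
        if len(stream) < pos + 16 + 2:
            return None
        host = str(ipaddress.IPv6Address(stream[pos:pos + 16]))
        pos += 16
    elif atyp == ATYP_DOMAIN:
        if len(stream) < pos + 1:
            return None
        length = stream[pos]
        pos += 1
        if len(stream) < pos + length + 2:
            return None
        host = stream[pos:pos + length].decode("ascii", errors="replace")
        pos += length
    else:
        return None
    (port,) = struct.unpack("!H", stream[pos:pos + 2])
    return SocksConnect(host, port)


def targets_internal_host(req: SocksConnect) -> bool:
    """True when the destination is a literal private, loopback or link-local
    address, i.e. something only reachable from inside the network the
    proxying device sits on.  Hostnames are not resolved here, so a domain
    destination is reported as not-internal (conservative; resolve it through
    the corporate DNS if you want to classify those as well)."""
    try:
        addr = ipaddress.ip_address(req.host)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def classify(stream: bytes) -> str:
    """One-word verdict suitable for a log line or alert."""
    req = parse_socks5_connect(stream)
    if req is None:
        return "not-socks5-connect"
    if targets_internal_host(req):
        return "socks5-connect-internal"
    return "socks5-connect-external"


# Constructed samples.  Greeting: VER=5, NMETHODS=1, METHODS=[no-auth];
# then CONNECT to 10.0.0.5:445 (an SMB server on the LAN).
SAMPLE_INTERNAL = bytes([0x05, 0x01, 0x00,
                         0x05, 0x01, 0x00, 0x01, 10, 0, 0, 5, 0x01, 0xBD])
# Same greeting, then CONNECT to the hostname example.com:80.
SAMPLE_DOMAIN = (bytes([0x05, 0x01, 0x00, 0x05, 0x01, 0x00, 0x03, 11])
                 + b"example.com" + bytes([0x00, 0x50]))
# An ordinary HTTP request, which must not be mistaken for SOCKS.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("internal", SAMPLE_INTERNAL),
                         ("domain", SAMPLE_DOMAIN),
                         ("http", SAMPLE_HTTP)):
        print(f"{name:8s} -> {classify(sample)}")
```

Run against the server-to-client bytes of a device's long-lived outbound connection, a "socks5-connect-internal" verdict is strong evidence of exactly the proxying the article describes; an unexpected SOCKS greeting in either direction from a handset is already worth a look.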

Through this general-purpose tunnel the attackers can control the device and issue commands to it: turn other connected devices into bots and build a botnet, launch distributed denial-of-service (DDoS) attacks, or send spam email campaigns. The botnet can also route traffic through the infected devices' IP addresses to generate fake traffic and disguise ad clicks, earning revenue for the attackers.

According to Trend Micro data, 82% of businesses implement BYOD or otherwise allow employee-owned devices to be used for work.

Trend Micro says the cure is to use mobile device management (MDM) software to secure the handset and an encrypted VPN for all company communications. Corporate users should also avoid rooting or jailbreaking their devices and avoid third-party app stores. Note that a VPN protects company traffic in transit; it does not by itself stop an already infected device from acting as a proxy into whatever network it is attached to, so the device-side controls matter as much as the network ones.


Ray Shaw

Ray Shaw ray@im.com.au has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT radio program on ABC radio for 10 years, has developed world-leading software for the events industry, and is smart enough to no longer own a retail computer store!
