A quickly rising threat is hiding within literally thousands of Android apps available on various app stores, CSO Online has recently reported. It's dubbed DressCode and is particularly dangerous because it can infiltrate whatever internet network the infected device connects to.
Even Google Play isn't safe from DressCode
DressCode isn't completely new. It was originally discovered by the mobile threat prevention research team of cybersecurity company Check Point in August this year. Back then, the malware was embedded into over 40 apps on Google Play, as well as in more than 400 apps on third-party app stores.
Subsequently, Check Point notified Google about the dangerous apps and some were removed from Google Play, which is considered the safest Android app store.
"The oldest apps were uploaded to Google Play in April 2016, where they remained undetected until recently. Some of the apps reached between 100,000 and 500,000 downloads each. Between 500,000 and 2,000,000 users downloaded the malicious apps from Google Play", Check Point said on its blog.
From over 400 to over 3,000 infected apps within a month
A mere month after Check Point's announcement, however, cybersecurity vendor Trend Micro announced it had found out that the malware was circulating in at least 3,000 Trojanized apps! Of them, over 400 were on Google Play!
This means that even though Google removed some infected apps, their number grew significantly, assuming that both cybersecurity companies have comparable detection capabilities.
Trend Micro added that one of these apps on Google Play had been installed 100,000 to 500,000 times!
Again, the company notified Google, which "took necessary steps to remove the compromised apps". But can we really be sure that all DressCode-infected apps will disappear from Google Play? Or will they, once again, grow tenfold in number as they did in September?
How DressCode works
DressCode usually hides itself inside games, UI themes, and phone optimization boosters. Moreover, it's hard to detect because the malicious code itself only makes up a small portion of the overall app.
Once installed, the malware will contact its command and control servers and receive orders from its developers.
DressCode is very dangerous because it can infiltrate whatever internet network the compromised device connects to. In other words, a single employee's infected device can wreak havoc in a company when the device connects to the corporate network.
"With the growth of Bring Your Own Device (BYOD) programs, more enterprises are exposing themselves to risk via carefree employee mobile usage," Trend Micro noted.
DressCode can also be used to turn infected devices into a botnet for distributed denial-of-service (DDoS) attacks.
The details of how the malware works are available on Trend Micro's blog. But that's for the hardcore geeks. What normal users need is how to avoid it.
How to avoid DressCode
First of all, there's the general rule of thumb to think and research before downloading any app from any store. But still, some of the infected apps have over 500,000 downloads — a convincing number that could easily lower your guard.
So what to do then? Stop downloading apps at all? Well, it depends on what you have on your device and what you use it for. If there's very important business or private information stored on your smartphone or tablet, or your mobile communication is highly sensitive, then the fewer apps you have, the better.
But if we're really talking about serious stuff, then you need a really serious smartphone that can even protect you from your own mistakes as a user. Yes, I'm talking about Secure Phone — one of the most secure smartphones ever made.
Although it also uses Android, the operating system, called Secure OS, is considerably modified to shrink the attack surface to the absolute minimum. It contains no malware, spyware or even bloatware, has no backdoors, and leaks no data.
The apps that Secure Phone comes preloaded with are there because:
- They increase security, like Secure Backup or Secure Wipe
- They provide end-to-end encrypted communication, like Secure Email, Secure Chat or Secure Voice
- Or they help productivity, like Secure Note or Secure Folder
How to avoid your own mistakes
But what makes Secure Phone really special and immune to DressCode and other malware is the Secure Administration System, or SAS. This is our exclusive mobile device management system that remotely sets up and controls every aspect of Secure Phone.
With SAS, the person who administers a given Secure Phone (the owner or a trusted admin) can restrict the phone to the apps already installed, so that no other app can be added. In other words, DressCode has no chance to enter and steal your sensitive information.
And this is just one of the many precautions you can take to save you from yourself and other security risks.
You think Wi-Fi is dangerous? Or Bluetooth? Or USB? Turn any of them off remotely! And remember, when a setting is pushed from SAS, it can't be changed from Secure Phone. This leaves no room for mistakes.
Wiping for every scenario
There's also a Secure Wipe app on the device in case you need to format it. And if your Secure Phone gets into the wrong hands, you can remotely wipe it from SAS. Even if you lose access to both your Secure Phone and SAS, there are automatic wiping policies that format the device if it loses connectivity for X period of time or if a wrong passcode is entered X consecutive times. There's really a way to wipe Secure Phone in every scenario. Even trying to unlock the bootloader will wipe the device!
As an additional protection, Secure Phone's storage is encrypted with an extremely strong cryptographic scheme.
Whatever you do, if your mobile data and communication are too important, don't leave them to chance. An antivirus app won't protect you from everything, trust me. And you'll still have a normal phone with one app more.
So the big question isn't if there's malware that can get to you. That's a given nowadays. It's how much you have to lose...