New malware on Google Play Store discovered by Check Point researchers

Android and malware problems have always been there but some people are too quick to dismiss the idea. The threat that Android faces due to malware problems is a topic of importance because of the user base alone of the Android devices. Cyber attackers and individuals who are out for financial gain will always look at the most used operating systems to make their financial gains, and fortunately unfortunately for Android, it is a big player.

Reports of a new strain of malware have surfaced, and they indicate that the malware was not only discovered in the Google Play Store apps, but also in the wild. The malware was perplexingly discovered on the Google Play Store, despite the various measures undertaken by Google to make the Play Store for its users.

Researchers from the security firm, Check Point, said that they managed to discover a malware on the Google Play Store and they are calling the malware, DressCode. The app was seen in 40 Google Play Store apps, and it was also seen in various other third party apps which numbered up to 400, making the threat real for the Android users.


The researchers of the security company also noted that the oldest lying app with the malware on Play Store dates back to April 2016, and the number of downloads for some of them is also freakishly high. Some of the apps averaged 100,000 to 500,000 downloads. The researchers’ data shows that between 500,000 and 2,000,000,000 users are at risk after downloading the apps which are infected.

The DressCode malware is said to have been responsible for the various actions that took place on users phones without their knowledge. The malware created a botnet which then made actions like luring victims into clicking on ads and false traffic to some of the websites. In the paper which they wrote detailing the use of the DressCode malware they said that when the malware was installed on a device, it would seek to initiate contact between its command and the control server.

After the initial connection, the command and control server then makes the malware ‘go to sleep’, in a bid to make it undetectable and makes it lie dormant for a while. It stays dormant until there is a use for it, and when the attacker wants to switch it on, the device is turned into a socks proxy, and it can now reroute traffic through the device.

Through this kind of manipulations, the malware can be as dangerous as it comes because through its ability to reroute traffic, the malware can then access any network that the device might be connected to. This will be equally bad for organizations and corporations which might have users connected to their internal networks. This essentially compromises the security of the organizations.

Thankfully, when presented with the report by Check Point, Google swiftly acted and removed the apps that were affected. Users are also advised to download apps from reliable and trustworthy stores, instead of third party dubious sources. Check Point also indicated a list of the affected Google Play Stores so that users could check if they were affected or not.