DressCode
NJCCIC Threat Profile
Original Release Date: 2016-09-07
DressCode is a family of malware that targets Android OS and is distributed via apps in the Google Play Store as well as those in unofficial third-party app stores. According to Google Play statistics, 500,000 to 2,000,000 users downloaded apps that were bundled with DressCode. This malware hijacks the infected devices and connects them to a botnet, constantly communicating with the attacker’s C2 server and executing additional actions such as serving up ads to the victim and performing click-fraud for profit. DressCode works by setting up a SOCKS proxy, allowing the attacker to control devices that reside on firewalled networks. This feature can potentially allow attackers to scan networks for sensitive information, exfiltrate data, and escalate their access.
Reporting and Technical Details
- August 2016: Check Point Software Technologies Ltd. discovered DressCode bundled into more than 40 apps in the Google Play Store and over 400 apps in unofficial third-party app stores. (Check Point)
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.