An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks.
DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.
DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app.
On Google Play, Trend Micro found more than 400 apps that are part of the DressCode family, it said. That’s 10 times more than what security researchers at Check Point noticed a month ago.
Trend Micro added that one these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, DressCode’s malicious coding will contact its command and control servers and receive orders from its developers.
The malware is particularly dangerous because it can infiltrate whatever internet network the infected device connects to. Imagine a user bringing a phone to the office and connecting to the corporate network. The makers of DressCode could use the phone as a springboard to hack into the corporate network or download sensitive files, Trend Micro said.
“With the growth of Bring Your Own Device (BYOD) programs, more enterprises are exposing themselves to risk via carefree employee mobile usage,” the security firm said.
According to Trend Micro, 82 percent of businesses have BYOD programs, allowing their employees to use personal devices for work functions.
The DressCode malware can also be used to turn infected devices into a botnet. This allows the infected devices to carry out distributed denial-of-service (DDOS) attacks or be used to send spam.
Trend Micro has found DressCode infecting enterprise users in the U.S., France, Israel, Ukraine, and other countries. The security firm is advising that users always check the online reviews for whatever apps they download.
Users can also install Trend Micro’s mobile security products to protect themselves.
Google didn’t immediately respond to a request for comment on the malware.