Menacing Android botnet still thrives 16 months after coming to light


In 2016, researchers uncovered a botnet that turned infected Android phones into covert listening posts that could siphon sensitive data out of protected networks. Google at the time said it removed the 400 Google Play apps that installed the malicious botnet code and took other, unspecified “necessary actions” to protect infected users.

Now, roughly 16 months later, a hacker has provided evidence that the so-called DressCode botnet continues to flourish and may currently enslave as many as four million devices. The infections pose a significant risk because they cause phones to use the SOCKS protocol to open a direct connection to attacker servers. Attackers can then tunnel into home or corporate networks to which the phones belong in an attempt to steal router passwords and probe connected computers for vulnerabilities or unsecured data.

Even worse, a programming interface that the attacker’s command and control server uses to establish the connection is unencrypted and requires no authentication, a weakness that allows other attackers to independently abuse the infected phones.


Post Author: martin

