Trend Micro has found a new Android malware, which it claims is a successor to the DressCode malware found earlier.
This malware uses port 22 to establish an SSH session with its Command and Control (CnC) server, which is owned by the attacker.
Because it uses SSH, all data between the Android phone and its CnC server is encrypted, which makes it difficult for enterprise security infrastructure to detect. Security solutions cannot see the data inside the encrypted connection unless they perform Deep Packet Inspection of SSH traffic.
Using this SSH session, the attacker can run a vulnerability scan on the internal network. This matters because many enterprises allow employees to use their own phones connected to the same network as the internal infrastructure.
MilkyDoor was recently found in over 200 Android applications available through the Play Store.
It is important for enterprise security gateway solutions to block all ports for the BYOD network except those that are necessary.
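One way to check that such an egress policy holds is to audit flow logs from the BYOD segment. The following is an added example, not code from Trend Micro or the original article: it flags BYOD devices that connect to ports outside an allowlist and calls out port 22 specifically. The subnet, the allowed ports and the log format are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): BYOD subnet, permitted egress ports, log format.
BYOD_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_PORTS = {53, 80, 443}

# Constructed sample flow records: "src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
10.20.4.17 203.0.113.50 tcp 22
10.20.4.17 198.51.100.7 tcp 443
10.20.9.3 192.0.2.10 udp 53
10.30.1.5 203.0.113.50 tcp 22
10.20.4.17 10.1.0.12 tcp 445
malformed line
10.20.9.3 203.0.113.50 tcp 22
"""

def egress_violations(flow_text, byod_net=BYOD_NET, allowed=ALLOWED_PORTS):
    """Map each BYOD source IP to its sorted (dst_ip, port) flows outside the allowlist."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        src, dst, _proto, port = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            continue  # skip unparsable addresses or ports
        if src_ip in byod_net and port not in allowed:
            hits[src].add((dst, port))
    return {s: sorted(v) for s, v in hits.items()}

def ssh_egress_hosts(violations):
    """BYOD devices with at least one flow to port 22, the port the article describes."""
    return sorted(s for s, flows in violations.items() if any(p == 22 for _, p in flows))

if __name__ == "__main__":
    found = egress_violations(SAMPLE_FLOWS)
    for src, flows in sorted(found.items()):
        print(src, flows)
    print("SSH egress from BYOD:", ssh_egress_hosts(found))
```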