Routines and techniques build on those of the malware’s predecessor, DressCode.
The backdoor, known as MilkyDoor, has so far affected 200 unique Android apps available on the official Google Play Store. Some of those apps boast between 500,000 and one million installs.
Hundreds of other programs, including books for children and doodle applications, have also suffered infections by MilkyDoor. It appears criminals seized most if not all of these apps, repackaged them with malware, and uploaded them to the Play Store. No doubt they thought these modified versions would still attract large numbers of downloads based upon the popularity of their parent programs.