Header Ads

A notorious 'DVMAP' Malware Infects Android Smartphones, Are you SAFE?

Android malwares have been present for so many years now, but the surge in recent attacks is appalling.
A new version of android malware is DVMAP which uses a new technique to infect android smartphones. Dvmapis a very special rooting malware, It uses a variety of new techniques, but the most interesting thing is that it injects malicious code into the system libraries. Hence, it is the first Android malware that injects malicious code into the system libraries in runtime.
                        dvmap_malware

The Trojan has been downloaded from Google's Playstore over 50,000 times since March 2017 and is a particularly dangerous form of malware because it can inject code into the system library and remove root-detection features designed to detect malicious intrusions.

Detected by cybersecurity researchers at Kaspersky Lab, the Dvmap trojan is not only capable of obtaining root access rights (root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser) on Android devices but has the ability to monitor information and install other applications.

Dvmap cloaked itself as a game called 'colourblock' within Google Play which managed to bypass the store's security checks by first of all uploaded a clean version of the app in March.Shortly afterwards, they updated it to a malicious version for a short time before reverting it back to the clean version. Researchers say they did at least five times in the space of four weeks, successfully tricking Google Play in the process.

Once successfully installed on the device, the trojan installs a root exploit back installing several tools - which appear to contain comments in Chinese, potentially pointing to the malware authors - in order to run the main phase and overwriting Android's code with malicious code. Researchers note that this could be "very dangerous" and cause some devices to crash.
If successfully installed and executed, Dvmap can successfully connect to a command and control server - but in the device being investigated it received no comments. Researchers suggest that if allowed to run, additional malware or advertising files could be stored on the device.

Conclusions

This Trojan was distributed through the Google Play Store and uses a number of very dangerous techniques, including patching system libraries. It installs malicious modules with different functionality into the system. It looks like its main purpose is to get into the system and execute downloaded files with root rights.
Those worried they may have been infected by Dvmap are advised to back up all their data and perform a factory data reset of their device.
Kaspersky Lab has reported the Trojan to Google, and it has now been removed from the store - but it represents just the latest instance of malicious apps sneaking into the Play store, in Google's ongoing battle with Android malware.


READ ALSO : 

No comments