A powerful Android Trojan with novel code injection features that posed as a game has been discovered in the Google Play Store.

The Trojan has been downloaded from Google’s official app marketplace over 50,000 times since March 2017. It is a particularly dangerous form of malware because it can inject code into the system library and remove root-detection features designed to detect malicious intrusions.

Uncovered by cyber-security researchers at Kaspersky Lab, the Dvmap Trojan is not only capable of obtaining root access rights on Android devices but has the ability to monitor information and install other applications.

Dvmap was distributed while posing as a simple, addictive puzzle game called colourblock, posted under the name “Retgumhoap Kanumep”. Developers bypassed the store’s security checks by uploading a clean app at the end of March. They then updated this with a malicious version for a short period of time before uploading another clean version. Researchers say they did this at least five times in the space of four weeks, successfully tricking Google Play in the process.

Once installed on the device, the Trojan installs a root exploit pack, installing several tools – which appear to contain comments in Chinese, potentially pointing to the malware authors – in order to run the main phase and overwrite Android’s code with malicious code. Researchers note that this could be “very dangerous” and cause some devices to crash.

If successfully installed and executed, Dvmap can connect to a command and control server – but on the device being investigated it received no commands. Researchers suggest that if allowed to run, additional malware or advertising files could be stored on the device.

Those worried they may have been infected by Dvmap are advised to back up all their data and perform a factory data reset of their device.

Kaspersky Lab has reported the Trojan to Google, and it has now been removed from the store – but it represents just the latest instance of malicious apps sneaking into the Play store, in Google’s ongoing battle with Android malware.
