First Android malware with code injection has arrived

Android malware has entered a new era: code injection. According to a report in The Register, the Dvmap trojan, which hid inside several games in Google Play for months and was installed over 50,000 times, “installs its malicious modules while also injecting hostile code into the system runtime libraries”.


After seeking root access and dropping its payload, the sophisticated malware then patches root to cover its tracks. Interestingly, Dvmap also works on the 64-bit version of Android, can disable Google’s Verify Apps security feature, and used a truly novel approach to avoid detection by Google.

The trojan’s creators would upload a “clean” app to Google Play and then intermittently update it with the malware components for a short period of time before replacing it with the clean version once again. The modules were constantly sending reports back to the malware’s authors, leading Kaspersky to believe it was still in an early testing phase.


The goal of Dvmap seems to have been to enable the installation of apps with root-level permissions from third-party stores. Kaspersky also notes Dvmap could serve ads and execute downloaded files delivered from a remote server. While Kaspersky noted the server connection, no files were sent during its testing, again implying Dvmap was not fully operational.

“The introduction of code injection capability is a dangerous new development in mobile malware,” Kaspersky told The Register. “Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won’t spot the presence of the malware.”

Kaspersky Lab first encountered the trojan back in April and reported it to Google, which promptly removed it from the Play Store. While all of the apps containing Dvmap were not named, Kaspersky recommends a data backup and factory reset for anyone concerned that they may have been infected. So if you downloaded a game in the last few months that has now been pulled from Google Play, you might want to follow their advice just in case.


from Android Authority http://ift.tt/2s7Fe7w


About ishubhamsingh

Hello TechGeeks!! I am Shubham Singh - a student, a mistake maker, a learner, a TechGeek like you, who wants to share all that I know about software, cracks, keygens and general computer tweaks & tricks with you through this blog.

Posted on June 10, 2017, in android, Android Authority.
