Friday, 29 September, 2023
IT Security Guru

Dvmap: Android Malware with a New Technique for Controlling Devices appears on Google Play

by The Gurus
June 12, 2017
in Editor's News

Kaspersky Lab experts have discovered an unusual new Trojan being distributed through the Google Play Store. The Dvmap Trojan is capable not only of obtaining root access rights on an Android smartphone, it can also take control of the device by injecting malicious code into the system library. If successful, it can then delete root access, which helps to avoid detection. The Trojan has been downloaded from Google Play more than 50,000 times since March, 2017. Kaspersky Lab reported the Trojan to Google, and it has now been removed from the store.
The introduction of code injection capability is a dangerous new development in mobile malware. Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won’t spot the presence of the malware.
However, modification of the system libraries is a risky process that can misfire. The researchers observed that the Dvmap malware tracks and reports its every move to its command and control server – although the command server didn’t respond with instructions.  This suggests that the malware is not yet fully ready or implemented.
Dvmap is distributed as a game through the Google Play Store. To bypass the store’s security checks, the malware creators uploaded a clean app to the store at the end of March, 2017. They then updated this with a malicious version for a short period of time, before uploading another clean version. In the space of four weeks they did this at least five times.
The Dvmap Trojan installs itself onto a victim device in two stages. During the initial phase, the malware tries to gain root rights on the device. If successful, it will install a number of tools, some of which carry comments in the Chinese language.  One of these modules is an application, “com.qualcmm.timeservices”, which connects the Trojan to its command and control server. However, during the period of investigation the malware did not receive any commands in return.
In the main phase of infection, the Trojan launches a “start” file, checks the version of Android installed and decides which library to inject its code into. The next step, overwriting the existing code with malicious code, can cause the infected device to crash.
The newly-patched system libraries execute a malicious module which can turn off the ‘VerifyApps’ feature.  It then switches on the setting ‘Unknown sources’ which allows it to install apps from anywhere, not just the Google Play Store. These could be malicious or unsolicited advertising apps.
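A triage check for the indicators named above (the “com.qualcmm.timeservices” package and the two changed settings), added here as an example and not taken from Kaspersky Lab's analysis. The settings keys `package_verifier_enable` and `install_non_market_apps` are assumed mappings of 'VerifyApps' and 'Unknown sources', and the sample device output is constructed.

```python
# Input is text captured from a device, for example with:
#   adb shell pm list packages
#   adb shell settings get global package_verifier_enable
#   adb shell settings get secure install_non_market_apps
# The namespace of install_non_market_apps varies by Android version,
# so the caller passes the values in as a plain dict.

DVMAP_PACKAGE = "com.qualcmm.timeservices"  # name quoted in the article

# Assumed keys for the article's 'VerifyApps' and 'Unknown sources'.
EXPECTED = {
    "package_verifier_enable": "1",  # app verification on
    "install_non_market_apps": "0",  # unknown sources off
}

def parse_packages(pm_output):
    """Return the set of package names in `pm list packages` output."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names

def triage(pm_output, settings):
    """Return a list of findings; an empty list means no indicator matched."""
    findings = []
    # Exact match only: the name imitates a vendor-style package name,
    # so substring or fuzzy matching would flag legitimate packages.
    if DVMAP_PACKAGE in parse_packages(pm_output):
        findings.append("package present: " + DVMAP_PACKAGE)
    for key, good in EXPECTED.items():
        value = (settings.get(key) or "").strip()
        if value in ("", "null"):
            continue  # key never written on this device; nothing to compare
        if value != good:
            findings.append(f"{key}={value}, expected {good}")
    return findings

# Constructed sample data, not captured from a real infection.
SAMPLE_FLAGGED_PM = "package:com.android.settings\npackage:com.qualcmm.timeservices\n"
SAMPLE_FLAGGED_SETTINGS = {"package_verifier_enable": "0", "install_non_market_apps": "1"}
SAMPLE_CLEAN_PM = "package:com.android.settings\npackage:com.qualcomm.timeservice\n"
SAMPLE_CLEAN_SETTINGS = {"package_verifier_enable": "null", "install_non_market_apps": "0"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_FLAGGED_PM, SAMPLE_FLAGGED_SETTINGS):
        print(finding)
```

An empty result does not clear a device: the article describes code injected into system libraries, which a package and settings check cannot see.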
“The Dvmap Trojan marks a dangerous new development in Android malware, with the malicious code injecting itself into system libraries where it is harder to detect and remove.  Users who don’t have the security in place to identify and block the threat before it breaks in have a difficult time ahead.  We believe that we have uncovered the malware at a very early stage. Our analysis shows that the malicious modules report their every move to the attackers and some techniques can break the infected devices. Time is of the essence if we are going to prevent a massive and dangerous attack,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.
Users concerned they may have been infected by Dvmap are advised to back up all their data and perform a factory data reset. In addition, Kaspersky Lab advises all users to install a reliable security solution, such as Kaspersky Internet Security for Android, on their device, to always check that apps have been created by a reputable developer, to keep their OS and application software up-to-date, and not to download anything that looks at all suspicious or whose source cannot be verified.
To learn more about the Dvmap Trojan, read the blog on Securelist.com.
All Kaspersky Lab products detect the Trojan as Trojan.AndroidOS.Dvmap.a.
