Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 2 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Dvmap: Android Malware with a New Technique for Controlling Devices appears on Google Play

by The Gurus
June 12, 2017
in Editor's News
Angry Android Malware
Share on FacebookShare on Twitter

Kaspersky Lab experts have discovered an unusual new Trojan being distributed through the Google Play Store. The Dvmap Trojan is capable not only of obtaining root access rights on an Android smartphone, it can also take control of the device by injecting malicious code into the system library. If successful, it can then delete root access, which helps to avoid detection. The Trojan has been downloaded from Google Play more than 50,000 times since March, 2017. Kaspersky Lab reported the Trojan to Google, and it has now been removed from the store.
The introduction of code injection capability is a dangerous new development in mobile malware. Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won’t spot the presence of the malware.
However, modification of the system libraries is a risky process that can misfire. The researchers observed that the Dvmap malware tracks and reports its every move to its command and control server – although the command server didn’t respond with instructions.  This suggests that the malware is not yet fully ready or implemented.
Dvmap is distributed as a game through the Google Play Store. To bypass the store’s security checks, the malware creators uploaded a clean app to the store at the end of March, 2017.They then updated this with a malicious version for a short period of time, before uploading another clean version. In the space of four weeks they did this at least five times.
The Dvmap Trojan installs itself onto a victim device in two stages. During the initial phase, the malware tries to gain root rights on the device. If successful, it will install a number of tools, some of which carry comments in the Chinese language.  One of these modules is an application, “com.qualcmm.timeservices”, which connects the Trojan to its command and control server. However, during the period of investigation the malware did not receive any commands in return.
In the main phase of infection, the Trojan launches a “start” file, checks the version of Android installed and decides which library to inject its code into. The next step: overwriting the existing code with malicious code, can cause the infected device to crash.
 
The newly-patched system libraries execute a malicious module which can turn off the ‘VerifyApps’ feature.  It then switches on the setting ‘Unknown sources’ which allows it to install apps from anywhere, not just the Google Play Store. These could be malicious or unsolicited advertising apps.
“The Dvmap Trojan marks a dangerous new development in Android malware, with the malicious code injecting itself into system libraries where it is harder to detect and remove.  Users who don’t have the security in place to identify and block the threat before it breaks in have a difficult time ahead.  We believe that we have uncovered the malware at a very early stage. Our analysis shows that the malicious modules report their every move to the attackers and some techniques can break the infected devices. Time is of the essence if we are going to prevent a massive and dangerous attack,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.
Users concerned they may have been infected by Dvmap are advised to back up all their data and perform a factory data reset. In addition, Kaspersky Lab advises all users to install a reliable security solution, such as Kaspersky Internet Security for Android, on their device, always check that apps have been created by a reputable developer, to keep their OS and application software up-to-date, and not to download anything that looks at all suspicious or whose source cannot be verified.
To learn more about the Dvmap Trojan, read the blog on Securelist.com.
All Kaspersky Lab products detects Trojan as Trojan.AndroidOS.Dvmap.a.

Tags: AndroidCyberMalwaresecurityTechnology
ShareTweet
Previous Post

Synopsys Research highlights the Pervasive Use of Outdated and Insecure Third-Party Software

Next Post

Flaw in Virgin Media Super Hub leaves it open to attack

Recent News

geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026
Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

July 1, 2026

Huntress Launches Managed ISPM as Identity Attacks Drive 79% of Severe Security Incidents

June 30, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol