Kaspersky Discovers Dvmap Trojan Taking Control Of Android Devices

Researchers at Kaspersky Lab have discovered a new trojan being distributed as a game through the Google Play Store which can take control of Android devices.

The Dvmap trojan, which has been removed from Google’s app marketplace after being downloaded more than 50,000 times, gains control by injecting malicious code into the system library.

If successful, this enables it to avoid detection by obtaining root access rights to the infected device.

Mobile malware

Dvmap installs itself onto a victim’s device in two stages. During the first phase it attempts to gain root access rights before installing a number of tools, some of which Kaspersky notes carry comments in Chinese.

Next, it launches a ‘start’ file, checks the version of Android installed and decides which library to inject its code into. It then overwrites the existing code with malicious code which enables the ‘VerifyApps’ feature on Android devices to be turned off so new apps can be installed from anywhere.

Kaspersky describes Dvmap’s code injection capability as “a dangerous new development in mobile malware”, primarily because it means that any security tools or banking apps with root-detection features installed after infection are unlikely to detect the malware.

However, although Dvmap reports all of its action to its command and control (C&C) server, it doesn’t receive any instructions in return, which suggests the malware is still being developed.

“The Dvmap Trojan marks a dangerous new development in Android malware, with the malicious code injecting itself into system libraries where it is harder to detect and remove,” said Roman Unuchek, senior malware analyst at Kaspersky Lab.

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ...

“Users who don’t have the security in place to identify and block the threat before it breaks in have a difficult time ahead. We believe that we have uncovered the malware at a very early stage. Our analysis shows that the malicious modules report their every move to the attackers and some techniques can break the infected devices.

“Time is of the essence if we are going to prevent a massive and dangerous attack.”

Quiz: Are you a security pro?

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

2 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

3 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

3 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

20 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

21 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

21 hours ago