The World of Technology News and Products

Trojan Dvmap in Android libraries

The Dvmap Trojan, aka “Dirty Virus”, is distributed on Google Play, and it becomes harder to detect with each update. It also has the ability to inject malicious code into the system library.

Kaspersky Lab’s Roman Unuchek reports that this particular Trojan, like others that have been common recently, takes full control of Android devices. Beyond that, it has several features that make it unique.

Malware for mobile devices has recently gained the ability to inject code, which is a dangerous development. It is possible for alerts to detect this type of malware, which will help mitigate any accidental malicious functions. Banking and security apps that have full detection capability installed will also be able to detect the presence of this malware.

However, modifying system libraries is a risky process. Roman Unuchek reported that the researchers noticed the malware constantly monitoring and reporting its every move to the command and control server – if it is successful. This suggests that the malware is not yet fully ready or implemented, and this may have been a test phase.

Dvmap is an app distributed as a game (colourblock) on the Google Play Store. Its authors originally uploaded a clean version of the app in late March 2017, which allowed them to bypass the store’s security checks. Someone replaced the content of their website with a malicious version for a short period before uploading another clean version.

The Dvmap Trojan installs itself on your device in its first stage. If it gains full privileges, it installs a number of tools with Chinese-language comments. One of these modules is an application, “com.qualcmm.timeservices”, which connects the Trojan to the command and control server. However, at the time of the investigation, it did not get any commands back.

In the early stages of the virus’ life cycle, when it infects a device, it launches a “boot” file and modifies its existing code. Next, it replaces the malicious code with new functions that can cause damage to your phone or device. Unuchek also points out that this malware is able to work on the 64-bit version of Android.

A recent discovery showed that some system libraries were re-updated with a malicious functional module. The “Application Certification” function of these libraries is disabled for all apps running on the affected device. The module also turns on the “Unknown Sources” setting, which allows apps to be installed from stores other than the Google Play Store. This can be dangerous because you may end up installing adware, malware or similar unauthorized apps.

Kaspersky Lab reported the malware to Google, which removed it from their Android marketplace. However, 50,000 users downloaded it before that could happen in March. It’s hard to say how many people this malware has infected at this point. It probably isn’t that many and, based on its current state, it doesn’t appear to be a complete virus.

If you think Dvmap has infected your device, back up your data and perform a factory reset.
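
A triage check for the indicators this article names, as an added example that is not Kaspersky's or this site's code: it looks for the “com.qualcmm.timeservices” package and for the two settings changes described above. The mapping of those settings to the Android keys package_verifier_enable and install_non_market_apps is an assumption, and the sample output is constructed.

```python
import subprocess

# Package name reported in this article as the Dvmap C&C module.
DVMAP_PACKAGE = "com.qualcmm.timeservices"
# Assumption: these standard Android settings keys correspond to the two
# switches the article describes (app verification and "Unknown Sources").
EXPECTED = {
    ("global", "package_verifier_enable"): "1",  # app verification should be on
    ("secure", "install_non_market_apps"): "0",  # Unknown Sources should be off
}

def parse_packages(pm_output):
    """Turn `pm list packages` output ("package:<name>" lines) into a set."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def triage(pm_output, settings):
    """Return a list of findings; `settings` maps (namespace, key) -> value."""
    findings = []
    if DVMAP_PACKAGE in parse_packages(pm_output):
        findings.append(f"package {DVMAP_PACKAGE} is installed")
    for (ns, key), good in EXPECTED.items():
        value = settings.get((ns, key), "null").strip()
        if value == "null":
            continue  # key not set on this Android version: no signal either way
        if value != good:
            findings.append(f"{ns}/{key} = {value} (expected {good})")
    return findings

def collect(serial=None):
    """Read the same data from a USB-connected device through adb."""
    adb = ["adb"] + (["-s", serial] if serial else []) + ["shell"]
    run = lambda *a: subprocess.run(adb + list(a), capture_output=True,
                                    text=True, check=True).stdout
    settings = {k: run("settings", "get", *k) for k in EXPECTED}
    return run("pm", "list", "packages"), settings

# Constructed sample output, not captured from a real device.
SAMPLE_PM = "package:com.android.settings\npackage:com.qualcmm.timeservices\n"
SAMPLE_SETTINGS = {("global", "package_verifier_enable"): "0\n",
                   ("secure", "install_non_market_apps"): "1\n"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_SETTINGS):
        print("FINDING:", finding)
```

An empty result does not rule out infection, because the check does not inspect the system libraries the article says are modified.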

Author: PC-GR