Android Trojan with the ability to inject malicious code discovered on Google Play Store

Security specialists are always warning Android users to be cautious when downloading apps and to stick to well-known stores, such as Google Play, but it seems that even the most trusted ones are not always safe. Russian-based security company, Kaspersky, has recently uncovered that a piece of malware was able to fool Google for at least a couple of months and managed to infect around 50 000 Android users. It posed as a puzzle game, “colourblock”, but was in fact malware that has the ability to disable your device’s security settings and perform malicious tasks.

Android malware with code injection

The Trojan has since been reported to Google, who then removed the game from the store. What is quite interesting is that it managed to bypass security measures taken by Google to ensure that apps are safe. The malware, dubbed as Dvmap, was uploaded onto Google Play back in March as a puzzle game and at that time, it was clean. From then on, Dvmap developers would replace the clean game with a malicious app and then back to the clean one some time later. According to Kaspersky, that happened at least 5 times between April and May. This allowed it to go undetected by Google.

Once installed, the malware gains root access to the device by injecting malicious code into system runtime libraries. It disables security settings, Verify App in particular, and that allows it to install another malicious app from third-party sources. That malicious app connects your device to a command-and-control server. Your device could then be controlled by malicious parties. However, security specialists note that no commands were received, which means that the malware could still be in development.

Android Trojan with the ability to inject malicious code discovered on Google Play Store

Since the upload, it was downloaded at least 50,000 times. That means that there could be 50,000 devices infected with this malware. For those users, specialists recommend making backup of all data and performing factory reset.

Dvmap proves that simply avoiding third-party app stores is not enough. Of course, you lessen the chance of possible infections significantly by doing so, but it is also important that you go further to protect your device. For one, when downloading apps, even from Google Play, always read the reviews and look into the app. It may not have helped in this case, but it could prevent a lot of other infections. You might also want to consider obtaining an antivirus application so that these threats could be detected before they do damage.

References

  1. First Android-Rooting Trojan With Code Injection Ability Found On Google Play Store. The Hacker News.
  2. Dvmap: first Android malware with code injection. Kaspersky Lab.

Leave a Reply