Security Researchers at Kaspersky Lab discovered a new rooting malware called “Dvmap” being distributed through the Google Play Store.
Unlike other rooting malware, this malware not only places its modules into the system, it also injects malicious code into the Android system runtime libraries. Kaspersky Lab detected it as “Trojan.AndroidOS.Dvmap.a”.The new malware designed to attack and target Android smartphones. The malware, distributed via the Google Play store, It’s able to root devices and it holds some new techniques to achieve its goal.
The malware (Dvmap) was uploaded to Google Play store masked as several apps, such as a puzzle game. Kaspersky Lab said the malicious apps were downloaded from the official Android app store more than 50,000 times before being removed by Google.
The malware authors used a very interesting technique to bypass Google Play Store security checks, they uploaded a clean app to the store at the end of March 2017, and would then update it with a malicious version for short period of time. Regularly, they would upload a clean version back on Google Play the very same day. They did this at least 5 times between 18 April and 15 May.
“I hope that by uncovering this malware at such an early stage, we will be able to prevent a massive and dangerous attack when the attackers are ready to actively use their methods.”
