
New Dvmap Trojan can delete system's root access, reveals Kaspersky

New Delhi [India], June 10 (ANI): The recently discovered Dvmap Trojan can destroy root access after gaining root rights on an Android smartphone, Kaspersky Lab experts have revealed. Subsequently, since it cannot be detected, there is also a threat of the Trojan controlling the device by injecting malicious code into the system library.

The introduction of the code injection capability is a dangerous new development in mobile malware. Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won't spot the presence of the malware.

However, modification of the system libraries is a risky process that can misfire. The researchers observed that the Dvmap malware tracks and reports its every move to its command and control server - although the command server didn't respond with instructions. This suggests that the malware is not yet fully ready or implemented.

Dvmap is distributed as a game through the Google Play Store. To bypass the store's security checks, the malware creators uploaded a clean app to the store at the end of March 2017. They then updated this with a malicious version for a short period of time, before uploading another clean version. In the space of four weeks they did this at least five times.

The Dvmap Trojan installs itself onto a victim device in two stages. During the initial phase, the malware tries to gain root rights on the device. If successful, it will install a number of tools, some of which carry comments in the Chinese language. One of these modules is an application, 'com.qualcmm.timeservice', which connects the Trojan to its command and control server. However, during the period of investigation the malware did not receive any commands in return.

In the main phase of infection, the Trojan launches a 'start' file, checks the version of Android installed and decides which library to inject its code into. The next step, overwriting the existing code with malicious code, can cause the infected device to crash.

The newly-patched system libraries execute a malicious module which can turn off the 'VerifyApps' feature. It then switches on the setting 'Unknown sources' which allows it to install apps from anywhere, not just the Google Play Store. These could be malicious or unsolicited advertising apps.
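A triage check for the indicators this article names, as an added example that is not Kaspersky's or the article's own code. It assumes the Android settings keys `package_verifier_enable` and `install_non_market_apps` correspond to 'VerifyApps' and 'Unknown sources'; the function names and sample captures are constructed for illustration.

```python
"""Triage of an Android device for the Dvmap indicators named in the article.

Inputs are text captured beforehand, e.g. with:
  adb shell pm list packages
  adb shell settings get global package_verifier_enable
  adb shell settings get secure install_non_market_apps
The two settings keys are assumed to back 'VerifyApps' and 'Unknown sources'.
"""

DVMAP_PACKAGE = "com.qualcmm.timeservice"  # module name given in the article


def parse_packages(pm_output):
    """Return the set of package names from `pm list packages` output."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # `pm list packages -f` prints package:<apk path>=<name>
            names.add(line[len("package:"):].rsplit("=", 1)[-1])
    return names


def triage(pm_output, verifier_enable, non_market_apps):
    """Return findings; an empty list does not prove the device is clean."""
    findings = []
    # Exact match only, so similarly spelled package names are not flagged.
    if DVMAP_PACKAGE in parse_packages(pm_output):
        findings.append("package %s is installed" % DVMAP_PACKAGE)
    # `settings get` prints "null" for an unset key; only an explicit 0 is flagged.
    if verifier_enable.strip() == "0":
        findings.append("VerifyApps is turned off")
    if non_market_apps.strip() == "1":
        findings.append("Unknown sources is switched on")
    return findings


# Constructed sample captures, not taken from a real device.
SAMPLE_PM = """package:com.android.settings
package:/data/app/com.qualcmm.timeservice-1/base.apk=com.qualcmm.timeservice
package:com.qualcomm.timeservice
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, "0\n", "1\n"):
        print("FINDING:", finding)
```
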

"The Dvmap Trojan marks a dangerous new development in Android malware, with the malicious code injecting itself into system libraries where it is harder to detect and remove. Users who don't have the security in place to identify and block the threat before it breaks in have a difficult time ahead. We believe that we have uncovered the malware at a very early stage. Our analysis shows that the malicious modules report their every move to the attackers and some techniques can break the infected devices. Time is of the essence if we are going to prevent a massive and dangerous attack," said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

The Trojan, which was downloaded from Google Play more than 50,000 times since inception, has now been removed from the store.

Kaspersky experts believe that users must organise and back up data from time to time. Kaspersky also recommended that users install a reliable security solution, check that apps have been created by a reputable developer, keep their OS and application software up to date, and not download anything that looks at all suspicious or whose source cannot be verified. (ANI)
