Dvmap: New malicious software targeting Android system

Jun 15, 2017

The malware is equipped with a new device-control technique and was discovered in the Google Play Store.
Kaspersky Lab experts have discovered an unusual new Trojan spreading through the Google Play Store. They said that the new Trojan, known as Dvmap, can gain root access on Android phones and can also take control of the device by injecting malicious code into the system library.

The experts explained that, if the injection is successful, the Trojan can then delete root access, which helps it avoid detection. The Trojan has been downloaded from the Google Play Store more than 50,000 times since March 2017. Kaspersky Lab reported the Trojan to Google, and it has now been removed from the store.

The use of code injection on the victim's system is a dangerous new development in mobile malware, experts said. Because this approach can be used to execute malicious modules even after root access has been deleted, any security solutions and banking applications with root-detection features that are installed after the infection will not be able to detect the presence of the malware.

The experts added, however, that modifying the system libraries is a risky process and may not succeed. While monitoring Dvmap, the researchers observed that it reported every move and activity to its command-and-control server, although no response or instructions were received from that server. This indicates that the malware is not yet fully ready or activated.

Dvmap is distributed as a game in the Google Play Store. To bypass the store's security checks and verification procedures, the malware's developers uploaded a clean application to the store at the end of March 2017. They then updated this application with a malicious version for a short period of time before uploading another clean version. Within four weeks, they repeated the process at least five times.

Kaspersky Lab experts said that the Dvmap Trojan installs itself on the victim's device in two stages. During the initial phase, the malware attempts to gain root access on the device. If successful, it installs a number of tools, some of which carry comments in Chinese. One of these is an application called com.qualcmm.timeservices, which connects the Trojan to its command-and-control server. However, the malware received no commands in return during the investigation period.

In the main stage of the infection, the Trojan launches the "start" file, checks the version of Android installed on the device and decides which library to inject its code into. The next step is to overwrite the existing instructions with malicious ones, which can cause the affected device to crash completely.

The newly patched system libraries execute a malicious module, which can turn off VerifyApps. The module then turns on the Unknown Sources setting, which allows it to install applications from any source, not just from the Google Play Store. These may be malicious software or unwanted advertising applications.
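A triage check for the traits described above (the com.qualcmm.timeservices package, VerifyApps turned off, Unknown Sources turned on), added here as an example that is not from Kaspersky Lab or the original article. The setting keys `package_verifier_enable` and `install_non_market_apps` are this example's assumption about where Android versions of that period store the two toggles, and the sample input is constructed.

```python
"""Triage for the Dvmap traits named in the article (added example)."""

# Package name comes from the article. The setting keys are this example's
# assumption about where Android of that period stores the two toggles.
DVMAP_PACKAGE = "com.qualcmm.timeservices"
RISKY_SETTINGS = {
    # (namespace, key): value matching the behaviour the article describes
    ("global", "package_verifier_enable"): "0",  # VerifyApps turned off
    ("secure", "install_non_market_apps"): "1",  # Unknown Sources turned on
}

def parse_packages(pm_output):
    """Parse `adb shell pm list packages` output into a set of names."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()  # also drops a trailing "\r" from adb output
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names

def triage(pm_output, settings):
    """Return findings as strings. `settings` maps (namespace, key) to the
    text printed by `adb shell settings get <namespace> <key>`."""
    findings = []
    # Exact match only, so similarly named packages are not flagged.
    if DVMAP_PACKAGE in parse_packages(pm_output):
        findings.append(f"package present: {DVMAP_PACKAGE}")
    for (namespace, key), bad in RISKY_SETTINGS.items():
        value = settings.get((namespace, key), "null").strip()
        if value == bad:
            findings.append(f"{namespace}/{key}={value}")
    return findings

# Constructed sample data, not captured from a real device.
SAMPLE_PM = """package:com.android.settings
package:com.qualcmm.timeservices
package:com.example.game
"""
SAMPLE_SETTINGS = {
    ("global", "package_verifier_enable"): "0\n",
    ("secure", "install_non_market_apps"): "1\n",
}
CLEAN_SETTINGS = {("global", "package_verifier_enable"): "1\n"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_SETTINGS):
        print("FINDING:", finding)
```

An empty result does not clear a device: as the article notes, the patched system libraries keep working after root access has been deleted.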

“The Dvmap Trojan is a new development in Android malware,” said Roman Unuchek, a senior malware analyst at Kaspersky Lab. “The malicious code is injected into the system libraries, making it difficult to detect and remove. Thus, there are difficult times ahead for users, especially those who do not have effective security protection that enables them to identify and prevent threats before they happen. We believe that we have been able to detect this malware at a very early stage. Our analysis shows that the malware patterns tell attackers about each move, and there are also some techniques that can infiltrate infected devices. So time is a key factor in efforts to prevent a wider and more serious attack.”

Users who are concerned that they may have been infected by Dvmap are advised to back up all their data and perform a factory data reset. In addition, Kaspersky Lab recommends that all users install a reliable security solution, such as Kaspersky Internet Security for Android, always choose applications created only by developers with a good reputation, keep the operating system and installed software on their devices up to date, and refrain from downloading anything that looks suspicious or whose source cannot be verified.
