What's interesting? The app was smart plenty to fool Google safety machinery yesteryear kickoff pretending itself to live on a construct clean app in addition to and then temporarily replacing it amongst a malicious version.
Security researchers at Kaspersky Lab discovered a novel slice of Android rooting malware that was beingness distributed every bit gaming apps on the Google Play Store, hiding behind puzzle game "colourblock," which was beingness downloaded at to the lowest degree 50,000 times prior to its removal.
Dubbed Dvmap, the Android rooting malware disables device's safety settings to install approximately other malicious app from a third-party source in addition to every bit good injects malicious code into the device arrangement runtime libraries to arrive at root access in addition to remain persistent.
"To bypass Google Play Store safety checks, the malware creators used a real interesting method: they uploaded a construct clean app to the shop at the terminate of March, 2017, in addition to would in addition to then update it amongst a malicious version for curt catamenia of time," the researchers said.
"Usually they would upload a construct clean version dorsum on Google Play the real same day. They did this at to the lowest degree five times betwixt xviii Apr in addition to xv May."
Here's How Dvmap Malware Works
To construct certain the malicious module gets executed amongst arrangement rights, the malware overwrites system's runtime libraries depending on which Android version the device is running.
To consummate the installation of the above-mentioned malicious app, the Trojan amongst arrangement rights turns off "Verify Apps," characteristic in addition to alteration arrangement setting to let app installation from 3rd political party app stores.
"Furthermore, it tin grant the "com.qualcmm.timeservices" app Device Administrator rights without whatever interaction amongst the user, simply yesteryear running commands. It is a real odd agency to larn Device Administrator rights," the researchers said.This malicious 3rd political party app is responsible for connecting the infected device to the attacker's command-and-control server, giving out total command of the device into the hands of attackers.
However, the researchers said, they haven't noticed whatever commands received yesteryear the infected Android devices therefore far, therefore it's unclear "what sort of files volition live on executed, but they could live on malicious or advertising files."
How to Protect Yourself Against Dvmap Malware
Researchers are yet testing the Dvmap malware, but meanwhile, propose users who installed the puzzle game inward inquiry to dorsum upwards their device's information in addition to perform a total mill information reset inward an have to mitigate the malware.
To foreclose yourself from beingness targeted yesteryear such apps, ever beware of fishy apps, fifty-fifty when downloading from Google Play Store, in addition to seek to stick to the trusted brands only. Moreover, ever hold off at the comments left yesteryear other users.
Always verify app permissions earlier installing whatever app in addition to grant alone those permissions which convey relevant context for the app's purpose.
Last but non the least, ever continue a expert antivirus app on your device that tin honor in addition to block such malware earlier it tin infect your device in addition to continue it up-to-date.
Share This :
comment 0 Comments
more_vert