The Trojan was embedded in a game called colourblock which was called as the “simplest, challenging, addictive” puzzle game.
With all the malware and ransomware news flying around, now a new Android Trojan has been spotted on Google Play called Dvmap. However, Google took steps to remove it from the Play Store already.
The Trojan was discovered Roman Unuchek, a senior malware analyst working with Kaspersky Lab, back in May 19. The discovery occurred during result checks from an internal system which Unechek monitors so as to find new strains of rooting malware. Google was informed of the malware situation on May 25, after running some more checks.
The Trojan was embedded in a game called colourblock which was called as the “simplest, challenging, addictive” puzzle game, the trojan was particularly malicious. Dvmap had the capability of rooting an Android device and injecting malicious code into the infected device’s system library.
So basically, once the app had been installed, the Trojan would try and gain root access by launching a start file which checked the Android version which the device was running, and locate the library which it would inject its code into. If the operation performed successfully, the malware would install tools to connect the Trojan to the C&C server.
The interesting part herein was once the whole business was complete, the server would never respond back to the prompts sent by the Trojan which meant the malware is not ready yet, or it is yet to be implemented.
The hackers behind this malware have uploaded multiple versions of the game, starting with a clean one, followed by a malicious one and so on.
Another feature of this malware is the fact that once the newly patched system libraries execute a malicious module, it can turn off the VerifyApps feature, which is Google’s Android malware scanner. It then utilises the control it has over the Android device to permit it to install apps from anywhere, not just Google Play Store, which may bring in even more infected apps.