Free Republic

Sneaky Android Virus Can Inject Itself Into System Files And Cover Its Tracks
Digital Trends ^ | June 13, 2017 | By Adam Ismail

Posted on 06/13/2017 5:11:52 PM PDT by Swordmaker


Why it matters to you

New mobile malware pops up all the time, and it's as important as ever to be wary of the apps you download.

Every week or so, there’s a new form of Android malware discovered that works in a unique way from what’s come before. Fortunately, in most cases, Google and third-party security experts identify the offenders before they do any serious damage. Kaspersky has just discovered one such Trojan, called Dvmap, located in an unassuming game on the Google Play Store called Colourblock with an unprecedented tactic — it injects code into the Android system library.

According to Kaspersky, this is the first example of malware on the operating system with that capability. Colourblock has reportedly been downloaded over 50,000 times, though Google took the game down after Kaspersky brought it to the company’s attention.

The danger of malware that overwrites contents in the system library in this particular instance is that it can disable Android’s Verify Apps function, allowing free, unchecked installation of downloaded software without the user’s knowledge or approval. By replacing the library, the Dvmap Trojan also eliminates key services that many apps rely on to operate properly. This means normally stable apps could very well start crashing your device.

Dvmap even deletes root access to cover its tracks. That’s particularly dangerous for apps dealing with sensitive information that rely on root detection to operate securely, like banking apps.

Kaspersky’s Roman Unuchek noted in his analysis that although the Trojan possessed the ability to download and execute files, it never received any commands during his investigation. This could mean that the developers are still expanding their reach and testing their methods before launching the full attack.

Interestingly, Colourblock has been able to sidestep action from Google and remain under the radar because the developers have been regularly “updating” the app by releasing a mix of clean and malicious versions. The first release was clean, but was then replaced with another containing Dvmap after a short period of time. That version was switched out with another clean app, and then again with an infected one. Kaspersky says the developers had performed the switcheroo at least five times between April and May.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: android

1 posted on 06/13/2017 5:11:52 PM PDT by Swordmaker

To: ThunderSleeps

Ping for the Android Ping list.


2 posted on 06/13/2017 5:12:40 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

So what happens to these developers?

Jail time?


3 posted on 06/13/2017 8:32:35 PM PDT by Pontiac (The welfare state must fail because it is contrary to human nature and diminishes the human spirit.L)

To: 109ACS; aimhigh; bajabaja; Bikkuri; Bobalu; Bookwoman; Bullish; Carpe Cerevisi; DarthDilbert; ...
Interesting, but still bad, bit of malware - ANDROID PING!

Android Ping!
If you want on or off the Android Ping List, Freepmail me.

Technically interesting piece. Maybe everyone else is/was more aware of this, but apparently this malware is in the app with the full knowledge and consent of the app developer. I guess I had always assumed viruses and such were maliciously attached to other apps. Apparently not so here. Apparently it is the app developers putting in the malware intentionally.
4 posted on 06/14/2017 5:01:33 AM PDT by ThunderSleeps (Doing my part to help make America great again!)

Thanks for sharing, now I will be more careful. Everything from the account information to identity can be stolen online. You can even become vulnerable to internet hackers who can hack into your laptop's webcam to spy on you in order to gain access to your address and your apartment. And I think that it's essential to have VPN or Proxy protection. Sometimes I also use email checker and ip checker. The more immersed we are in the digital technology, the more valuable our privacy becomes.
5 posted on 07/10/2017 2:55:07 AM PDT by Muntic0re
