In a first for Android, malware that can inject malicious code on your phone has been spotted on the Google Play Store. This is the Dvmap malware. Apps carrying similar malware have existed before, but only as APK files on websites, as the Google Play Store would never allow such an app to enter. Now, for the first time, an app that can inject malicious code into your device has been spotted on the Play Store.
The Dvmap malware was found hidden in colourblock, a game with over 50,000 downloads. It was found by Kaspersky Labs, and following the finding the app was pulled from the Google Play Store. Google's security mechanism had never been fooled before; this is the first instance in which malware that injects code has managed to get past it.
How did the Dvmap malware bypass Google’s security?
Dvmap bypassed Google’s security layers by uploading a clean app at first and then updating it with malicious code for a short period of time. The malicious version of the app would be uploaded and removed on the same day. This cycle was repeated 5 times between the 18th of April and the 15th of May.
This is how the makers of the malware managed to bypass Google’s strict security measures. After the app is installed, it attempts to gain root access on the device, after which it tries to install a few modules, some of which are written in Chinese. A malicious app, “com.qualcmm.timeservices”, is also installed. The Dvmap malware overwrites the Android system’s runtime libraries, which makes sure the module gains system rights.
Moreover, to get the aforementioned timeservices app installed, the Dvmap trojan also overwrites your settings for ‘Install verified apps’. Basically, the Dvmap malware hands complete control of your device to the attacker’s command-and-control center. It is indeed an alarming situation where even Google’s safety mechanism has been breached.
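The two traces described above (the “com.qualcmm.timeservices” package and the switched-off app verification setting) can be checked on a device over adb. The script below is an added example, not from the original article or from Kaspersky. It assumes the verification toggle is stored in the Android global setting package_verifier_enable with "0" meaning off, and its sample package listings are constructed.

```shell
#!/bin/sh
# Added triage example; not code from the article.
# Indicator taken from the article: the dropped package name.
DVMAP_PKG="com.qualcmm.timeservices"

# Reads `pm list packages` output on stdin; succeeds only on an exact match.
has_dvmap_package() {
    grep -qx "package:${DVMAP_PKG}"
}

# Interprets `settings get global package_verifier_enable`.
# Assumption: "0" means verification is off; "1" or "null" is not flagged.
verify_apps_disabled() {
    [ "$1" = "0" ]
}

# $1 = package listing, $2 = verifier setting value; prints one verdict.
triage() {
    pkgs=$1; verifier=$2; verdict="clean"
    if printf '%s\n' "$pkgs" | has_dvmap_package; then
        verdict="package-present"
    fi
    if verify_apps_disabled "$verifier"; then
        if [ "$verdict" = "clean" ]; then
            verdict="verifier-off"
        else
            verdict="$verdict,verifier-off"
        fi
    fi
    printf '%s\n' "$verdict"
}

# Constructed sample listings (not captured from a real device).
SAMPLE_INFECTED='package:com.android.settings
package:com.qualcmm.timeservices
package:com.android.phone'
# Near-miss name, constructed to show the exact match does not fire on it.
SAMPLE_CLEAN='package:com.android.settings
package:com.qualcomm.timeservice'

# Live check; needs adb on PATH and one attached device.
check_device() {
    triage "$(adb shell pm list packages | tr -d '\r')" \
           "$(adb shell settings get global package_verifier_enable | tr -d '\r')"
}

# Run with --device to query an attached phone instead of the samples.
if [ "${1:-}" = "--device" ]; then check_device; fi
```

A "verifier-off" verdict on its own only says the setting is disabled, which a user can also do by hand; the package match is the Dvmap-specific signal.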