Android users, beware. There is a new threat brewing for the mobile platform, according to Kaspersky Labs. This threat is known as Dvmap, and it differs from the malware we know and trust Google to protect us from.
Kaspersky has been monitoring the distribution of the Trojan horse in the Play Store since April 2017. Dvmap has been able to hide from Google’s protection and verification mechanisms by regularly swapping clean code with malicious code and vice versa. Now we know that Bouncer, which was introduced in 2012 to keep malware out of the Play Store, can be tricked easily.
This malware, classified by Kaspersky Labs as Trojan.AndroidOS.Dvmap.a, is a particularly tricky form of malware, according to experts. It tries to gain root access in four different ways, even with 64-bit compatible code. Worse, it injects malicious code into the system libraries libdvm.so and libandroid_runtime.so. Subsequently, the Trojan horse triggers protection mechanisms to verify and install third-party apps. This is done by an administrator service called com.qualcmm.timeservices, which looks similar to a legitimate background service like com.qualcomm.timeservices. Note the difference between the two service names, as it is a common ruse employed by hackers and malware advertisers to trick users into trusting them.
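The lookalike naming described above can be checked for mechanically. The following is an added example, not code from Kaspersky or the original article: it compares installed package names against an allowlist and flags near-misses by edit distance. The allowlist, the threshold of 2 and the sample `pm list packages` output are assumptions constructed for illustration.

```python
# Added example: flag installed Android packages whose names are near-misses
# of trusted package names. Allowlist and sample data are constructed.

TRUSTED = {  # hypothetical allowlist; build yours from a known-good image
    "com.qualcomm.timeservices",
    "com.android.vending",
    "com.google.android.gms",
}

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def parse_pm_list(output):
    """Extract names from `pm list packages` output ("package:<name>")."""
    names = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.append(line[len("package:"):])
    return names

def find_lookalikes(installed, trusted=TRUSTED, max_distance=2):
    """Return sorted (installed, trusted, distance) tuples for near-misses."""
    hits = []
    for pkg in installed:
        if pkg in trusted:
            continue  # exact match: this is the trusted name itself
        for good in trusted:
            d = edit_distance(pkg, good)
            if d <= max_distance:
                hits.append((pkg, good, d))
    return sorted(hits)

# Constructed sample of `adb shell pm list packages` output.
SAMPLE = """\
package:com.android.vending
package:com.qualcmm.timeservices
package:com.google.android.gms
package:org.example.notes
"""

if __name__ == "__main__":
    for pkg, good, d in find_lookalikes(parse_pm_list(SAMPLE)):
        print(f"SUSPICIOUS {pkg} resembles {good} (distance {d})")
```

A hit is a lead to investigate rather than proof, since unrelated legitimate packages can also have similar names.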
Now, the malware could install third-party software on infected devices at a later date. The author could offer this ability to anyone interested on the black market. A huge number of devices could be affected, but so far at most 50,000 devices are reported to be affected.
Theoretically, Google can delete harmful apps remotely from your device. However, since the malware manipulates system libraries, it could prevent Google from being able to do so, or report the uninstallation immediately to the malware’s author. The author could then install a different version of the malware to escape the protection mechanism again. Right now, only formatting the system partition and reinstalling the original firmware can save an affected smartphone. The only way to prevent this from happening is to have the latest security patches. However, not everyone gets the updates, as manufacturers fear that if they provide them, users will not buy new phones.