Date: 2017-06-09

It has now been removed from the store.

The addition of code injection marks a worrying new development in mobile malware. Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won’t spot the presence of the malware.

Analysis of the Dvmap code reveals that it tracks and reports its every move to its command and control server – although the command server doesn’t respond with instructions.

The malware was spotted by a team of researchers at Kaspersky Lab, who found it hidden behind the colourblock game.

Dvmap is distributed as a game through the Google Play Store.

The hackers behind this malware have uploaded multiple versions of the game, starting with a clean one, followed by a malicious one and so on.

The culprits repeated this process at least five times between 18 April and 15 May, Kaspersky found. During the first phase, the malware attempts to gain root access rights before installing a number of tools, some of which Kaspersky notes carry comments in Chinese.

Unuchek was able to successfully connect to the criminals’ command and control (C&C) server but that’s as far as current analysis goes. However, during the period of investigation the malware did not receive any commands in return. “They decrypt several archive files from the assets folder of the installation package, and launch an executable file from them with the name ‘start’.”

Another feature of this malware is that once the newly patched system libraries execute a malicious module, that module can turn off the VerifyApps feature, which is Google’s Android malware scanner. Apps on the Google Play Store can generally be trusted to be safe as Google’s safety measures ensure that no malware passes through. Developers of such harmful programs often put up attractive apps or games with malicious programs embedded inside. Dvmap had the capability of rooting an Android device and injecting malicious code into the infected device’s system library.

“But I hope that by uncovering this malware at such an early stage, we will be able to prevent a massive and risky attack when the attackers are ready to actively use their methods”. I think the authors are still testing this malware, because they use some techniques which can break the infected devices. “Time is of the essence if we are going to prevent a massive and unsafe attack”.

If you happen to have downloaded that app and you didn’t have an anti-virus installed, your only choice is to create a back-up of your data and perform a factory data reset on your phone or tablet.