Google App Store has the first code injection Android malware – Penetration Testing

According to foreign media reports on June 8, Kaspersky Lab researchers found a new piece of Android malware, Dvmap, in the Google Play store. It can disable device security settings, install third-party malicious applications, and inject malicious code into the device's system runtime to obtain persistent root privileges.

Interestingly, to bypass the Google Play store's security checks, Dvmap first presented itself as a safe application, hidden in the puzzle game “colourblock”, and was then upgraded to a malicious version within a short time. It is said that the game was downloaded at least 50,000 times before being removed.

The investigation shows that the Dvmap Trojan targets both 32-bit and 64-bit versions of Android. Once installed, the malware attempts to gain root access on the device and install multiple malicious modules, many of which contain Chinese-language content, along with the malicious application “com.qualcmm.timeservices”. To ensure that the malicious module is executed with system privileges, the malware overwrites the system runtime, choosing what to overwrite based on the Android version the device is running. After the malicious application is installed, the Trojan, now running with system privileges, turns off the “Validate Application” function and modifies the system settings.

It is reported that the third-party malicious application connects infected devices to the attacker's C&C server and hands over control of the device. Although the researchers are still monitoring Dvmap, they have not observed infected Android devices receiving any malicious commands. To avoid infection, the researchers recommend that users always check an application's permissions before installing it (even from the Google Play store) and grant only the permissions the application needs.

Attachment: Kaspersky Lab Analysis Report “Dvmap: First Code Injection Android Malware”

The post Google App Store has the first code injection Android malware appeared first on Penetration Testing.

