Android Malware Features a Dangerous New Attack

[monkeymagick]

Beware Android users, there's a trojan called Dvmap, using new techniques and good ol' false sense of security to infect your devices. Kaspersky Lab researchers discovered the malware disguising itself as a simple puzzle game, colourblock. The developers bypassed software checks by first uploading a "clean version" and then injecting code into the system library and removing root detection after obtaining root access rights through the user's permission. Already downloaded well over 50,000 times off the Google Play store, the app has since been removed.

Once successfully installed on the device, the trojan installs a root exploit back installing several tools - which appear to contain comments in Chinese, potentially pointing to the malware authors - in order to run the main phase and overwriting Android's code with malicious code. Researchers note that this could be "very dangerous" and cause some devices to crash.

 

[BulletDust]

How can the user give the app root access if the device isn't rooted? Am I reading that right?

 

[Uvaman2]

How can the user give the app root access is the device isn't rooted? Am I reading that right?

Its that Russian Kapersky Lab.. Russia being so advanced, the malicious code is probably not embedded in the app, but generated in your device when you see the words Kapersky Lab 3 times within a single webpage.

 

[BulletDust]

Its that Russian Kapersky Lab.. Russia being so advanced, the malicious code is probably not embedded in the app, but generated in your device when you see the words Kapersky Lab 3 times within a single webpage.

HA! Love it.

 

[blkt]

How can the user give the app root access if the device isn't rooted? Am I reading that right?

The key word here is root exploit.

Uvaman2 lol.

https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/

 

[BulletDust]

The key word here is root exploit.

Uvaman2 lol.

https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/

That makes more sense. Looks like a crap game, who'd download it anyway? 50,000 village idiots?

 

[nysmo]

How can the user give the app root access if the device isn't rooted? Am I reading that right?

It cant. This app only infects users with root access who then grant root permissions when the app asks for it, which makes you an idiot to get infected by this. The only "exploit" component of this is that it buries itself into the system by overwriting critical component files.

 

[Jim Kim]

On one hand, Google needs to get a handle on this.
On the other, who installs this crap.

 

[gxp500]

Does this root exploit work on the snapdragon s8?!? We need root damn it.