First Android malware with code injection has arrived
Android malware has entered a new era: code injection. According to a report in The Register, the Dvmap trojan, which hid inside several games in Google Play for months and was installed over 50,000 times, “installs its malicious modules while also injecting hostile code into the system runtime libraries”.
After seeking root access and dropping its payload, the sophisticated malware then patches root to cover its tracks. Interestingly, Dvmap also works on the 64-bit version of Android, can disable Google’s Verify Apps security feature and used a truly novel approach to avoid detection by Google.
The trojan’s creators would upload a “clean” app to Google Play and then intermittently update it with the malware components for a short period of time before replacing it with the clean version once again. The modules were constantly sending reports back to the malware’s authors, leading Kaspersky Labs, who discovered the trojan, to believe it was still in an early testing phase.