PC users have to often worry about malware and viruses, Windows users more so than others. Android has been a platform where the occasional malware or two has been spotted from time to time, but nothing as sinister as the dvmap malware has ever been spotted. Apps on the Google Play Store can generally be trusted to be safe as Google’s safety measures ensure that no malware passes through. However, this was the first such app in the Google Play Store that can inject code into your Android system by gaining root access of your device.
The malware was spotted by the team of researchers at Kaspersky Labs who found this malware hidden behind the colourblock game. The game has had over 50,000 downloads. Let us now take a look at what this dvmap malware does and how it got past the Google Play Store security measures -
Dvmap Malware: How it Bypassed Google’s Security Measures
The dvmap malware managed to find a place on the Google Play Store, and while there have been some malware which have found a way into users’ phones, none of them can inject codes on to your phone. The claim to fame for this malware is that it can gain root access and then ineject a code on your device.
However, before we discuss what it does, here’s how it managed to get in the Google Play Store despite being a malicious app: The developers of this app uploaded a clean version, then updated the app with a malicious code. They left it for a while, and on the same day, they changed it back to a clean version. This was repeated five times between the 18th of April to 15th of May, as observed by Kaspersky.
What Does the dvmap Malware Do?
The dvmap malware attempts to gain root access on the device it is installed on. Following that, it tries to install several modules on the phone, some of which are written in Chinese. Along with this, the malware also installs an app called “com.qualcmm.timeservices.” This malware affects both, 32 bit and 64 bit android smartphones.
In order to ensure that the com.qualcmm.timeservices app gets installed, the dvmap malware will override your phone’s settings, and it will enable the option of ‘install verified apps’. This timeservices app acts as the link between your phone and the attackers command and control center. Basically, this gives the access of your entire phone to the attacker.
This is indeed an alarming situation and if malicious apps like these can breach the barriers of the Google Play Store, it is quite possible that there might be more of them. Stay tuned with us and we will update you with all the latest information on Android security.
