Dvmap could root the device, inject malicious code into system libraries and override Android security features

Jun 8, 2017 19:12 GMT

A rather nasty Android trojan called Dvmap was found on Google Play. Thankfully, Google has removed it from the Play Store already. 

Dvmap was discovered by Roman Unuchek, senior malware analyst with Kaspersky Lab, back on May 19, while looking at results from an internal system he monitors to find new strains of rooting malware. Unuchek informed Google of the situation on May 25, after running some more checks.

Embedded in a game called colourblock, marketed as the "simplest, challenging, addictive" puzzle game, the trojan was particularly nasty: it could root an Android device and inject malicious code into the infected device's system libraries.

Basically, once the app was installed, the trojan tried to gain root access by launching a start file that checked which version of Android the device was running and determined which system library to inject its code into. If that succeeded, the malware installed tools that connected the trojan to its C&C server.

Silence on the other end

The odd part of the whole business was that the server never responded to the trojan's requests, suggesting that the malware isn't completely ready yet or its server side has yet to be implemented.

It seems that since the beginning of March, the hackers behind Dvmap have uploaded multiple versions of the game, alternating a clean version with a malicious one.

Another nasty component of this malware is that once the patched system libraries execute a malicious module, it can turn off Verify Apps, Google's built-in Android malware scanner. It then uses its control over the device to allow apps to be installed from anywhere, not just the Google Play Store, which may bring in even more infected apps.
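The three behaviours described above (Verify Apps switched off, installs from unknown sources enabled, system libraries patched) are the kind of state changes a defender can audit from a device dump. The following is an added example, not code from the article or from Kaspersky: it parses `key=value` lines as printed by `adb shell settings list`, checks the two settings keys assumed here (`package_verifier_enable` and `install_non_market_apps`; key names differ across Android versions), and compares system library hashes against a known-good baseline. Library names and bytes are constructed sample data.

```python
import hashlib

# Settings keys assumed for this example (they vary by Android version).
VERIFY_APPS_KEY = "package_verifier_enable"      # 'global' namespace
UNKNOWN_SOURCES_KEY = "install_non_market_apps"  # 'secure' namespace


def parse_settings(dump: str) -> dict:
    """Parse 'key=value' lines as printed by `adb shell settings list`."""
    result = {}
    for line in dump.splitlines():
        line = line.strip()
        if "=" in line:
            key, _, value = line.partition("=")
            result[key.strip()] = value.strip()
    return result


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit(settings: dict, libraries: dict, baseline: dict) -> list:
    """Return findings for the settings and libraries a Dvmap-style infection alters."""
    findings = []
    if settings.get(VERIFY_APPS_KEY, "1") != "1":
        findings.append("Verify Apps disabled")
    if settings.get(UNKNOWN_SOURCES_KEY, "0") == "1":
        findings.append("unknown-source installs enabled")
    for name, content in sorted(libraries.items()):
        expected = baseline.get(name)
        if expected is None:
            findings.append(f"{name}: no baseline hash")
        elif sha256(content) != expected:
            findings.append(f"{name}: hash mismatch (possible patched library)")
    return findings


# Constructed sample data: one untouched library and one with injected bytes.
CLEAN_LIB = b"\x7fELF clean library bytes"
PATCHED_LIB = CLEAN_LIB + b"\x90\x90 injected"
BASELINE = {"libclean.so": sha256(CLEAN_LIB), "libtarget.so": sha256(CLEAN_LIB)}
SAMPLE_SETTINGS = parse_settings("package_verifier_enable=0\ninstall_non_market_apps=1\n")


def demo() -> list:
    return audit(SAMPLE_SETTINGS, {"libclean.so": CLEAN_LIB, "libtarget.so": PATCHED_LIB}, BASELINE)


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

On a real device the baseline should come from a pristine firmware image of the same build, not from the device being examined.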