June 12, 2017 by

Dvamp is Android’s First Trojan Malware with Code Injection

A sophisticated and dangerous new trojan, Dvamp, has emerged as the first known trojan for the Android operating system that uses code injection.

In April this year, cybersecurity researchers at Kaspersky uncovered a new rooting malware being distributed in the Google Play store. Upon closer inspection, researchers discovered that the malware goes beyond merely installing its modules onto the system. It also injects malicious code into the system’s runtime libraries, making it the first malware to affect the world’s most widely used mobile operating system in such a manner.

Named Dvamp, the malware uses a number of sophisticated techniques and bypasses the Google Play Store’s security checks in a simple yet devious manner. Dvamp was hidden inside a simple puzzle game made available on the Play Store. The developers behind Dvamp uploaded a clean version of their ‘game’ to the store near the end of March 2017, then updated it with a malicious version for a short period of time before switching back to the clean version on the same day. This pattern was repeated at least 5 times between April 18 and May 15.

Once installed, the Trojan attempts to gain root privileges on the device so that it can install its malicious modules. After the modules are in place, the malware deletes root access in an attempt to mask its presence and avoid detection.

If and when activated, the malware reports to a command and control server, although researchers found that the server did not respond with any instructions.

Researchers wrote:

“These malicious modules report to the attackers about every step they are going to make. So, I think that the authors are still testing this malware, because they use some techniques which can break the infected devices. But they already have a lot of infected users on whom to test their methods.”

Altogether, the Trojan has been downloaded over 50,000 times since March. Google removed the malicious app from the Play Store after being notified by Kaspersky.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
