A new Android Trojan with a few new tricks up its sleeve removed from Google Play Store
Security researchers at Kaspersky Lab discovered a new Android Trojan in the Google Play Store. This malware had a few new tricks to play.
The malware, called Dvmap, was found in an app called Colourblock. The attackers managed to trick the Google Play Store by uploading a benign version of the app, later updating it with a malicious version, and then updating it again with a malware-free version. They managed to do this at least 4 times in 5 weeks before being found out.
Once installed, the malicious version of the app would install several tools to root the Android device. Once the device is rooted, the malware is able to inject code, overwriting the Android code with malicious code.
In typical fashion, once installed, the malware awaits instructions from command and control servers. However, while Kaspersky was testing, they never received any directions from the servers. Luckily, the malware was cut off at an early stage, although many have already been affected. It is still unknown what the ultimate goal of the malware was, although now that a new method to trick the Google Play Store's security checks has been found, Google can work to block this method.