Would've been nice to name the game... and the company involved as well.
Say hello to Dvmap: The first Android malware with code injection
A powerful Android trojan with novel code injection features that posed as a game was distributed through the Google Play Store before its recent removal. The Dvmap trojan installs its malicious modules while also injecting hostile code into the system runtime libraries. But Dvmap has other tricks up its sleeve. Once …
COMMENTS
Friday 9th June 2017 19:54 GMT scrubber
Learn from https
Google have decided that unencrypted connections are bad; they should be doing the same for apps. Any app that requires additional access should have to justify it before an update is allowed on the store. It doesn't stop lazy programmers who want full access on first install (HSBC!), but it would be a start.
Friday 9th June 2017 20:09 GMT Charles 9
Re: Learn from https
Whether or not the connection is encrypted doesn't help here. An HTTPS connection to a C&C server is just as bad: worse, actually, since the traffic can't be sniffed easily.
In any event, if the game needed network access to begin with (for legitimate updates and content downloads), that would easily disguise the malware download.
Saturday 10th June 2017 01:15 GMT jelabarre59
Rooting
Gee, a malware app that can root unrootable devices. Sounds like they would have been better off selling it *as* a root tool for those of us who want to unlock all our locked devices we paid good money for. Then it could be used to remove that special category of malware known as "bundled/built-in apps".
Saturday 10th June 2017 08:09 GMT Anonymous Coward
"Developers bypassed the store's security checks by uploading a clean app at the end of March. They then updated this with a malicious version for a short period of time before uploading another clean version." So Google does not check the software before making it available for download but posts it immediately, checks it in background when it has some time to spare and removes it if something suspicious is found? I find it hard to believe.
Monday 12th June 2017 13:56 GMT Christian Berger
Re: Sounds like you need a modified device
This was apparently on the Play Store and worked on unmodified devices.
The problem simply is that sandboxes don't work. They may improve security a bit, if you manage to make them without increasing the complexity a lot, but they don't work against malware. We'd probably be better off with a simpler device which features a "mobile touch terminal" that would connect to remote services without actually executing Turing complete code.
Monday 19th June 2017 11:34 GMT Charles 9
Re: Sounds like you need a modified device
That would just move the target, though. At SOME point, if you want the phone to be a mobile data device, you're going to NEED a Turing-complete implementation SOMEWHERE. And YES, I DO find a mobile data device to be very useful for on-the-spot research and so on. I've just come to learn that malware comes with the territory, just as jungles come with beasts, oceans come with sharks, and so on. Of course, I'm still concerned a clueless user takes others with him/her like a Private Snafu.
Monday 19th June 2017 10:58 GMT j0nnyf1v3
There is malware that jumps VM's and fu*&ing air-gaps... This ain't $h1t.
Charles 9 is correct. It will use an exploit, usually dirtycow, to temp root for that instance only. It will lock up the device after it does its bidding via kernel panic or OOM event, forcing the user to restart the device, thereby effectively erasing the root yet leaving the code nestled between your /system files and your /data files... Both need root to write to. Anyway, that is what I heard from SWIM....
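The comments above describe a trojan that gains temporary root, writes into /system (which the article says includes patching runtime libraries), and then lets the root go away so that only the dropped files remain. The defender-side counterpart is an integrity baseline: record digests of a directory that should never change between firmware updates, and diff later scans against it. The block below is an added example written for this page, not code from any of the commenters or from the Dvmap analysis; the `/system/lib` tree is simulated in a temporary directory with constructed placeholder file contents, and the file names are assumptions.

```python
"""Integrity-baseline check for a system library directory.

Added example (not from the original thread or from any poster): a minimal
defender-side check for the kind of tampering described in the comments,
where a trojan uses a temporary root to drop or patch files under /system
that are never supposed to change between firmware updates.  A known-good
manifest of SHA-256 digests is recorded once and later scans are diffed
against it.  The sample tree is constructed in a temporary directory; the
/system/lib path and library names are only simulated.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks would need their own target check
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Diff two manifests: changed digests, files that appeared, files that vanished."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Build a constructed fake /system/lib tree, baseline it, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "lib")
        os.makedirs(lib)
        # Constructed placeholder contents; real libraries are ELF binaries.
        for name in ("libc.so", "libm.so", "libutils.so"):
            with open(os.path.join(lib, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = build_manifest(root)

        # Simulate what a later scan would see after one runtime library was
        # patched in place and an extra file was dropped next to it.
        with open(os.path.join(lib, "libutils.so"), "ab") as f:
            f.write(b"\x00patched")
        with open(os.path.join(lib, "libdropped.so"), "wb") as f:
            f.write(b"unexpected new file")
        current = build_manifest(root)
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real device the baseline would be taken from a trusted image (or from the vendor's published digests) rather than from the device itself, since a baseline recorded after infection just enshrines the tampered files; the diff output is what an investigator would feed into a closer look at the flagged libraries.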