It looks like a tedious and vicious cycle – as Google and Android’s security get better, malware gets better as well. Kaspersky Labs points us to “Dvmap”, a new rooting malware that is different from the others in that it injects malicious code into your system. Yikes.
The new malware, formally named as “Trojan.AndroidOS.Dvmap.a” is distributed like most rooting malware are – it gets installed via a malicious app on the Play Store. Rooting malware is not a new thing, but what Dvmap does is particularly new – it injects malicious code into the system libraries – libdmv.so or libandroid_runtime.so.
This makes Dvmap the first Android malware that injects malicious code into the system libraries in runtime, and it has been downloaded from the Google Play Store more than 50,000 times. The malware creators got very creative here – they uploaded a clean app to the store at the end of March, 2017, and update it with a malicious version after a short period of being installed.
Kaspersky has already reported this to Google, and the offending app has been removed. But this should make you more careful of the apps you download from other dubious sources. For more details on Dvmap, check out the source link below.