A powerful Android trojan with novel code injection features that posed as a game was distributed through the Google Play Store before its recent removal.
The Dvmap trojan installs its malicious modules while also injecting hostile code into the system runtime libraries. But Dvmap has other tricks up its sleeve. Once successfully installed, the malware deletes root access in an attempt to avoid detection.
“The introduction of code injection capability is a dangerous new development in mobile malware,” according to Kaspersky Lab. “Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won’t spot the presence of the malware.”