According to security researchers at Kaspersky, a Trojan distributed through an app in the Google Play Store secretly roots Android phones in order to gain full system access. The compromised app is called colourblock and looks like a puzzle or Tetris game; the researchers christened the Trojan Dvmap. The app has since been removed, but had already recorded 50,000 downloads by that time.
Based on the data so far, Kaspersky assumes that colourblock was only a first test by the Dvmap makers, and that further infected apps could now follow. Apparently, the app was first uploaded to the Google Play Store without the Trojan and then updated almost 100 times, without Google's security measures against such manipulation intervening.
Once installed on an Android smartphone, Dvmap is said to exploit several weaknesses of the operating system and to be able to root the underlying Android system. Unlike previous malware, Dvmap is also reported to attack 64-bit systems and to inject malicious code into system libraries. Particularly perfidious is that Dvmap can also suppress the dialogs that would inform the user about the request for extended administrator rights.
Little is known about the maker of the Trojan, called Retgumhoap Kanumep; the code examined by Kaspersky is said to contain comments in Chinese. During the investigation, the app or the malware is said to have made multiple connections to servers without any action being taken. In theory, Dvmap would be suitable for loading further malware onto the smartphone or for injecting advertising; by obtaining the extended privileges, the creators have every conceivable option open to them.
Security experts assume that the widespread use of working security solutions on Windows operating systems, together with the ever-growing use of mobile operating systems such as iOS and Android, will lead to more and more attacks on smartphones. Criminals are helped by the fact that many smartphone manufacturers do not distribute updates against long-discovered exploits at all, or only with great delay. This, in turn, has systemic causes that Google is trying to address as quickly as possible.
Particularly problematic is the fact that, in the recent past, attack scenarios have emerged again and again that had their origin in secret surveillance activities and thus in state institutions. All relevant manufacturers (Microsoft, Apple, Google) have repeatedly pointed out in this context that the states in question endanger the security of companies and citizens.