It's unfortunate that virus and malware developers keep finding ways to bypass security on mobile devices and PCs in order to harm owners or hold them to ransom. A few weeks ago, we talked about Judy, a serious piece of malware that auto-clicks ads, thereby generating money for its owner, and about ransomware, which encrypts (locks) folders on users' PCs and demands some thousands of dollars in ransom to regain access to the files. Thanks go to the developers who found a way to decrypt and fix it. But now there is a new trending virus called Dvmap that is attacking Android devices.
According to Kaspersky Labs, Dvmap primarily targets mobile devices, and it is different from all the malware we know and trust Google to protect us from.
Kaspersky has been monitoring the distribution of this Trojan horse in the Play Store since April 2017. Dvmap has been able to hide from Google’s protection and verification mechanisms by regularly swapping clean code with malicious code and vice versa. Now we know that Bouncer, which was introduced in 2012 to keep malware out of the Play Store, can be tricked easily.
How It Works
This malware, classified by Kaspersky Labs as Trojan.AndroidOS.Dvmap.a, is a particularly tricky form of malware, according to experts. It tries to gain root access in four different ways, even with 64-bit compatible code. Worse, it injects malicious code into the system libraries libdvm.so and libandroid_runtime.so. Subsequently, the Trojan horse triggers protection mechanisms to verify and install third-party apps. This is done by an administrator service called com.qualcmm.timeservices, which looks similar to a legitimate background service like com.qualcomm.timeservices. Note the difference between the two service names: the missing "o" is a common ruse employed by hackers and malware advertisers to trick users into trusting them.
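The lookalike service name described above can be checked for mechanically. The following is an added example, not code from Kaspersky or from the original article: it flags installed package names that sit within a small edit distance of a trusted name. It assumes the package list was exported in the `package:<name>` format printed by `pm list packages`; the sample list and the second trusted name are constructed.

```python
# Trusted names to compare against. Only com.qualcomm.timeservices comes from
# the article; the second entry is a constructed placeholder.
TRUSTED = ["com.qualcomm.timeservices", "com.example.vendor.updater"]

# Constructed sample in the "package:<name>" format of `pm list packages`.
SAMPLE_PM_OUTPUT = """\
package:com.android.settings
package:com.qualcomm.timeservices
package:com.qualcmm.timeservices
package:com.example.vendor.udpater
package:com.example.notes
"""

def parse_packages(pm_output):
    """Return the package names found in `pm list packages` style output."""
    prefix = "package:"
    return [line.strip()[len(prefix):] for line in pm_output.splitlines()
            if line.strip().startswith(prefix)]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each at cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def find_lookalikes(installed, trusted=TRUSTED, max_distance=2):
    """Return (installed_name, imitated_name, distance) for near-miss names."""
    hits = []
    for name in installed:
        for good in trusted:
            dist = edit_distance(name, good)
            # An exact match is the genuine name, so only near-misses count.
            if name not in trusted and dist <= max_distance:
                hits.append((name, good, dist))
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(parse_packages(SAMPLE_PM_OUTPUT)):
        print("%s imitates %s (edit distance %d)" % hit)
```

A hit on the name only points at the helper app; it says nothing about whether the system libraries were modified.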
Now, the malware could install third-party software on infected devices at a later date. The author could offer this ability to anyone interested, on the black market. Right now, a huge number of devices could be affected. But so far, only a maximum of 50,000 devices are reported to be affected.
WHY IT'S SO DANGEROUS
Theoretically, Google can delete harmful apps remotely from your device. However, since the malware manipulates system libraries, it could prevent Google from being able to do so, or report the uninstallation immediately to the malware’s author. The author could then install a different version of the malware to escape the protection mechanism again.
HOW TO FIX YOUR PHONE IF INFECTED BY DVMAP
Right now, only formatting the system partition and reinstalling the original firmware can save an affected smartphone.
HOW TO SECURE YOUR PHONE AND PREVENT IT FROM BEING ATTACKED
The only way to prevent this from happening is to have the latest security patches. However, not everyone gets the updates, as manufacturers fear that if they provide them, users will not buy new phones. But ensure your apps are up to date. Refrain from the habit of downloading or collecting apps, music, files, etc. from untrusted sites, phones or PCs.
thanks oga wizy for Your nice update
Thanks for Your lovely update
thanks oga wizy from look you will know that this virus is a wicked type and it looks scary. I pray it won't affect my phone.
Wow tanx for the update wizy
Helpful, tnx.. let's all stay safe
Newly malware found again, I pray it won't affect my device sha
Let's try to prevent our fone, as u said in the last paragraph
Thanks for the update wizy
Nice update, thanks.
Download app from third party site is not secure before, so why download from there?
Since I heard rooted phone will not have access to play store again I don unroot my phone back to normal, since then I they even enjoy my ba3 life than when its root.
nice update
Thanks for the update but I have to point out a little mix up in the article.
JUDY as a virus is not locking folders and demanding for ransom but rather it's RANSOMWARE that locks folders.
JUDY is aimed at auto clicking on ads and thereby generating cash for the owner.
Some readers had missed this point and I'm sure some don't always read between lines
Thanks for the observation and correction. Edited!
As at the time of this comment, JUDY was still showing and link was showing a post on JUDY.
Based on what I gathered from another site relating to this same issue, so many rooted phones have already been infected by this virus.
nice update
Newly malware found again, I pray it won't affect my device sha
thanks oga wizy for ur nice update. But how does it affect Android phone.
but can I download on youtube
Yes but it's download and watch later
Nice update. Will be watchful
Thanks for this info
Thanks for the info