Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. It is capable of injecting malicious code into a system runtime library, either libdvm.so or libandroid_runtime.so, and of monitoring information and installing other applications. If successfully executed, Dvmap can connect to a command and control server, but according to Kaspersky Labs, the command server does not respond with instructions.
Dvmap was able to bypass Google Play Store's security checks because the malicious actors uploaded a clean app to the store and then, shortly after, released an update to the app containing the malicious version. This was done five times between April 18, 2017 and May 15, 2017.
- Kaspersky Labs researchers provide technical analysis here.