First Android malware with code injection has arrived

The Dvmap trojan has been hidden in Google Play for months and was installed over 50,000 times. After seeking root access and dropping its payload, the malware covers its tracks. Interestingly, Dvmap also works on the 64-bit version of Android.

The trojan got its start when its creators uploaded a clean app to Google Play, then updated it with the malware for a short period of time before replacing it with the clean version once again.

So what exactly was the goal of Dvmap? Researchers believe it was to enable the installation of apps from third-party vendors and to execute downloaded files delivered from a remote server. No files were sent during the testing, however, indicating that Dvmap was still in its early stages and not fully functioning.

Code injection on Android is a very dangerous new development that will need much research and testing before it is mitigated. Because the approach can be used to execute harmful modules, anything downloaded after the infection will not detect the malware.

If you think you have been infected, researchers suggest a data backup and a factory reset. Otherwise, be on the lookout.

