Brain Test malware is back. Its developers compromised 13 apps on the Google Play Store, cyber security firm Lookout discovered last December. Google reacted promptly.
Check Point Mobile Threat Prevention had first found two malicious Brain Test apps in September. Google removed the threats less than a week later. A similar story played out in October, when Lookout found another batch of “infected” apps.
With a four-star review score, hundreds of thousands of downloads and a legitimate-enough looking game (such as Cake Tower, Cake Blast, Eat Bubble etc.), the malicious apps were appealing to users and did not show any relation to obtrusive adware. The Brain Test apps were specifically designed to attempt to gain root privileges and to resist factory resets and all other measures in place to remove them.
The clue that “gave away” the infected apps was an update Brain Test developers issued that turned on functionalities not dissimilar to those found in the initial version of Brain Test, reports ZDNet.
The positive reviews were a consequence of compromised devices, which were “forced” to download, and post high-starred reviews of, other apps by the same authors on the Google Play Store. The malware was designed to carry on doing so, even after a complete factory reset.
“In order to facilitate the installs, they rely on compromising a large number of devices and then pushing the installs to those devices” – Lookout explained. It is a money-making chain reaction founded on the malware’s ability to download additional configuration parameters and execute arbitrary commands as root, as well as load and execute Java code.
Similar tactics were deployed by other malware developers, such as Shedun, ShiftyBug, and Shuanet.
Remember, cyber criminals develop one piece of Android malware every 17 seconds.
What can a user do once his device contracts the infection? And what if it’s an Android device, which is deemed to have been more exposed than ever to auto-rooting apps recently? Lookout explained that, whilst a factory reset won’t be effective in removing the malware on an Android device, the best solution at hand would be re-flashing a ROM (read-only memory) supplied by the manufacturer, whose guidelines on the matter should be carefully followed.
Lookout added that malicious adware, tailored to be disguised as legitimate apps or as lookalikes of more famous apps (such as Candy Crush, Facebook, Snapchat, WhatsApp etc.), was aimed at stealing consumer data. Over 20,000 apps were found swimming around this ill-intended ecosystem, whose aim was to trick consumers into downloading legitimate-looking apps from areas other than the Google Play Store.