Brain Test, the malicious software family, has made a comeback, affecting as many as 13 Android apps with hundreds of thousands of downloads from the Play Store. Google has removed all of the infected apps from its store.
“On December 29 we confirmed our suspicions that additional apps containing Brain Test malware were in Google Play. We found 13 Brain Test samples in total, written by the same developers. We contacted Google, who promptly removed these 13 apps from the Google Play Store,” states cybersecurity firm Lookout, which reported the return of Brain Test malware to the Play Store.
The infected apps removed from the Play Store are the following:
Cake Blast, Jump Planet, Honey Comb, Crazy Block, Crazy Jelly, Tiny Puzzle, Ninja Hook, Piggy Jump, Just Fire, Eat Bubble, Hit Planet, Cake Tower and Drag Box.
What’s the Brain Test malware?
The malicious app first attempts to detect whether the device is rooted (rooting is the process by which users of Android smartphones, tablets and other devices obtain privileged control, known as root access, over various Android subsystems; it is the Android counterpart of jailbreaking on iOS), and if it is, the app copies several files to the /system partition.
Performing a factory reset is not enough to remove the app from a compromised device, because a factory reset does not wipe the /system partition.
If your device is rooted and you suspect it has been compromised by this malware, the best course is to first back up all important data on the device and then re-flash the stock firmware released by the manufacturer.
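The reason a factory reset is insufficient is that it only wipes user data; anything dropped into /system stays put. One defensive check that follows from this is to compare the contents of such a partition against a hash manifest taken from known-good firmware and report anything added or changed. The script below is an added example written for this article; it is not code from the article, from Lookout or from Check Point. It assumes a POSIX shell with `find`, `sha256sum`, `awk` and `mktemp` (available on Linux and on a rooted Android device via Toybox/BusyBox), and the directory tree, file names and contents built in `demo_run` are constructed for the demonstration, not real Brain Test artefacts.

```shell
#!/bin/sh
# Added example, not from the article or the vendors it cites.
# Verify a directory tree (e.g. a mounted /system image) against a baseline
# manifest of sha256 hashes and report files that were added or modified.

# make_manifest DIR: print "<sha256>  <relative path>" for every regular file,
# in a stable sorted order so two manifests can be compared line by line.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done )
}

# check_against_baseline DIR BASELINE_FILE
# Prints "ADDED <path>" or "MODIFIED <path>" for each finding.
# Returns 0 when the tree matches the baseline, 1 otherwise.
check_against_baseline() {
    dir="$1"; baseline="$2"
    current=$(mktemp)
    make_manifest "$dir" > "$current"
    rc=0
    while IFS= read -r line; do
        hash=${line%%  *}      # sha256sum output is "<64 hex chars>  <path>"
        path=${line#*  }
        # The path starts at column 67 (64 hex chars + two spaces); compare it
        # whole so "./bin/app" cannot match a longer path by accident.
        base_hash=$(awk -v p="$path" 'substr($0, 67) == p { print $1 }' "$baseline")
        if [ -z "$base_hash" ]; then
            echo "ADDED $path"; rc=1
        elif [ "$base_hash" != "$hash" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$current"
    rm -f "$current"
    return $rc
}

# demo_run: build a constructed known-good tree, snapshot it, then simulate the
# two things the article describes (an existing file altered, a new file dropped
# in) and print what the check reports.
demo_run() {
    good=$(mktemp -d); baseline=$(mktemp)
    mkdir -p "$good/bin" "$good/app"
    printf 'constructed good binary\n' > "$good/bin/app_process"
    printf 'constructed good app\n'    > "$good/app/Settings.apk"
    make_manifest "$good" > "$baseline"          # snapshot of known-good content

    printf 'constructed change\n' > "$good/bin/app_process"   # modified file
    printf 'constructed extra\n'  > "$good/app/Extra.apk"     # added file
    findings=$(check_against_baseline "$good" "$baseline" || true)
    rm -rf "$good" "$baseline"
    printf '%s\n' "$findings"
}

demo_run
```

On a real device the baseline would be generated once from a freshly flashed stock image and kept off the device, and `check_against_baseline` run against the mounted partition; a hit on a file that the manufacturer's update never touched is the signal that re-flashing, not a factory reset, is needed.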
The current version of the Brain Test malware has features similar to the original version detected in September 2015. Brain Test was first discovered by cybersecurity firm Check Point in September, which says the malware was published to the Google Play Store twice, with each instance reaching between 100,000 and 500,000 downloads. The malicious apps, which had affected 200,000 to one million users, were later removed from the Play Store.
The primary goal of this malware is to download and install additional APKs as directed by its C2 (Command and Control) server. The malware's developers use infected devices to download their other apps, which inflates the download count of each app, and the devices can also post fake reviews.
Lookout states that it took the malware's authors more than two or three months to find a way to get the affected apps back into the Play Store. A few days before Christmas 2015, the Cake Tower app received an update that carried functionality similar to the initial version of Brain Test and pointed to a new command and control (C2) server.