SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
23 Sep 2015

Advanced malware gets into Google Play store

Within the past month, malware disguised as an Android game twice made its way into the Google Play store and each time had between 100,000 and 500,000 downloads – making for a potential total infection rate of one million users.

The threat is a working game called Brain Test and it was identified by researchers with Check Point.

Currently it has only been observed pushing advertisements, but the malware is quite advanced: it uses tricks to bypass Google Bouncer, the app vetting system; it uses privilege escalation exploits to gain root access on the device; and it takes steps to maintain persistence so it cannot easily be deleted. Even the way it pushes ads is aggressive, since they can appear on any screen at any time, said Avi Bashan, technology leader at Check Point, noting that the malware has a sophisticated framework that is only a few tweaks away from being able to practically take over a device.

According to Check Point Software Technologies, the Brain Test malware is able to place a rootkit on an infected Android device, enabling an attacker to run arbitrary code. There are multiple security mechanisms in place in Android and the Google Play site to prevent malware from running, yet the Brain Test malware was able to avoid them all using a number of different techniques.

Bashan said that the first version of Brain Test went into the Google Play store at an unknown date and was taken down on Aug. 24, and the second version went up on Sept. 10 and was taken down by Google on Sept. 15. The app, he added, does not ask for permissions or do anything glaring that would tip the user off that it is malicious.

Those who downloaded it will have to re-flash their device with an official ROM. Bashan said this is because “additional apps are used in order to preserve persistency on the device, so even if the user tries to delete the Brain Test app, the other app will reinstall the Brain Test app again without user confirmation.”

Bashan noted that the author of Brain Test showed additional sophistication when uploading the app to the Google Play store a second time. He explained how the developer used a tool made by Baidu, called Packer, that obfuscates code and hinders analysis and reverse engineering efforts. Meanwhile, the creator of Brain Test is not the only individual writing persistent malware for Android devices. Earlier, Apple's iOS App Store suffered a major attack.

Tags: Google, information leaks, Android, Google Play
Source: SC Magazine