Now you cannot test your IQ without getting your mobile compromised — The malicious new Android app has already infected more than 1 million users —This sinister app is available at Google Play Store and easily evades detection.
The infection was detected firstly on the Nexus 5 device by Check Point’s security research staff working at the firm’s Mobile Threat Prevention system.
Since the owner did not uninstall this app, despite being notified of a malware alert, Check Point’s team had to look closely to find the source of infection.
Check Point’s Startling Revelations:
During the inspection, the Check Point research team detected a sophisticated piece of malware via reverse-engineering of the app.
This particular malware installs third-party apps on the user’s device by rooting the device and making it boot-resistant.
This app, reportedly, is equipped with a complicated detection evading mechanism. When the team dug deeper, it was identified that the malware could avoid detection by Google Bouncer.
Google Bouncer is an automatic app testing system that detects inherent security issues of the device.
The malware embedded a code that even prevented its execution in case of detection of certain IP ranges that control the app or domains having terms like “Google”, ”Android”, ”1e100.”
After evading the mighty Bouncer’s check and installing itself permanently on the Android device, this app executes a time bomb function immediately after its first run.
This particular function gets executed exactly after a delay of 20seconds after every 2 hours. The app then slowly downloads and unpacks the code needed to give itself root permission through four chained exploits.
Double Trouble— The Malware has a Sibling too:
After rooting, the app makes room for its brother, which is another app called brother.apk.
This new app collaborates with Brain test and checks if the malware is installed and rooted.
Now, if any of the two is separated, that is, if one is uninstalled or removed, the other would reinstall it after two hours.
On September 10, Check Point researchers notified Google about the malicious app and it took its engineers five days to take the app down.
However, after a few days Brain Test was re-uploaded, which Check Point’s Mobile Threat Prevention system identified quickly and Google was again alerted.