
Beware The IQ Test: Chinese Malware Developer Sneaks Infected App Into Google Play TWICE, Around 1M Devices Infected

Sep 24, 2015 10:41 AM EDT

It is easy to understand how unwitting internet users could be duped into taking one of those “IQ Tests” on banner ads. Some of these IQ tests require users to give their mobile numbers, which eventually hooks them into a mobile service that charges their carrier for a monthly subscription they never wanted to sign up for in the first place. But it is interesting how this other “IQ Test” game infiltrated the Google Play Store not just once, but twice. And it even racked up 1 million downloads.

With these 1 million downloads come 1 million Android devices infected with rootkit code.

A rootkit is code that embeds itself into the kernel, the “root” of the system. It hides the malware from antivirus software, which allows the malware to run unimpeded. The malware can then be executed for whatever purpose it was coded: gathering data, damaging system and app functions, and possibly even replicating itself. Windows users have been infected with rootkits, and now Android devices are being infected as well. The latest Android threat is “Brain Test” by a developer named “bajoelmantoh7,” who, malware labs surmise, hails from China.

With this latest security threat, it seems like Chinese malware developers have been busy on the mobile platforms this quarter.

So far, the malware app has only been observed pushing unwelcome advertisements, but since it is a rootkit and gained access to around a million devices before it was taken down from the Google Play Store, it is very likely that the app could be repurposed to do more than just push ads. There is a very high likelihood that it could be used to gather data, as well as to download more malware onto the infected devices.

Currently, the only suggested option for users with infected devices is to re-flash their ROMs. The malware is very persistent: it re-installs itself even after all of its associated packages are uninstalled. Some tech blogs have stated that Google will be unable to patch this vulnerability, although Google has already pulled the offending app, yet again, from the Play Store.

Google purchased an app-filtering system that allows it to automatically sift through the apps that apply for a spot on the Google Play Store. This system, fittingly called the “Google Bouncer,” is in-house anti-malware software that the company rolled out and attached to the Google Play Store app-approval system back in 2012. Apparently, the Chinese hackers employed very sophisticated code that enabled them to bypass Google Bouncer.

The cleanup is going to be a massive nightmare, but this certainly reminds the Android-using public that at the end of the day, the best line of defense is in their own hands.

Droid Report cannot stress it enough: The user is the gateway. Think twice before installing apps. If it looks shady, shoddy, or worthless, it probably is.

***

The existence of “Brain Test” was reported by Check Point Software Technologies Ltd. Read more about their discovery of the malware on their blog: https://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/
