An Android app has managed to infect about 1 million users of the platform. The app is available from Google's Play Store, and researchers say it is almost impossible to uninstall. It is called Brain Test; it presents itself as a simple IQ-testing tool and contains a combination of malware.
According to the Check Point research team, the application was first detected by the company's threat prevention system on a Nexus 5.
Because the device's owner, after receiving the malware notification, failed to uninstall the malicious application, Check Point decided to take a closer look at the source of the infection.
By reverse-engineering the Brain Test application, researchers discovered well-designed malware that allowed attackers to install third-party applications on the victim's phone once they had gained root access to the device.
Digging further, the researchers discovered a complex system that allowed the malware to evade Google's Bouncer, an automated system that checks apps submitted to the Google Play Store.
That is how Brain Test found its way onto the devices of its victims. The application started a time bomb when the user opened it for the first time.
This function ran after a delay of 20 seconds, once every 2 hours, and slowly downloaded and decompressed the code needed to acquire root rights on the victim's device.
As soon as it was able to get root, the Brain Test application could install another application, brother.apk, which checked whether the first one was running properly; if the first one had been removed by the user, brother.apk installed it again.