An Android app managed to infect about 1 million of the platform's users. The app is available from Google's Play Store, and researchers say it's almost impossible to uninstall. Called Brain Test, it is a simple IQ-testing tool that contains a combination of malware.
According to the Check Point research team, the application was detected through the company's threat prevention system for the first time on a Nexus 5.
Because its owner, after receiving the malware notification, failed to uninstall the malicious application, Check Point decided to take a closer look at the source of the infection.
By reverse-engineering the Brain Test app, researchers discovered very well-designed malware that allowed attackers to install third-party applications on the victim's phone, having previously gained root access to the device.
Delving further into the matter, researchers discovered a complex system that allowed the malicious software to avoid detection by Google's Bouncer, an automated system for checking applications uploaded to Google Play Store.
That is how Brain Test found its way onto its victims' devices. The application started a time bomb when the user opened it for the first time.
This function ran after a 20-second delay, once every 2 hours, and would slowly download and extract the code needed to gain root privileges on the victim's device.
As soon as it was able to get root, the Brain Test application could install another application, brother.apk, which checked whether the first one was running properly. If the user had removed it, brother.apk installed it again.