An Android app has managed to infect about 1 million users of the platform. The app is available from Google's Play Store, and researchers say it is almost impossible to uninstall. It is called Brain Test, is a simple IQ-testing tool, and contains a combination of malware.
According to Check Point's research team, the app was detected by the company's threat prevention system, first on a Nexus 5 device.
Because the device's owner, after receiving the malware notice, could not uninstall the malicious application, Check Point decided to take a closer look at the source of the infection.
By reverse-engineering the Brain Test application, researchers discovered well-designed malware that allowed attackers to install third-party applications on the victim's phone once they had root access to the device.
Delving even further into the matter, the researchers discovered a complex system which allowed the malware to avoid detection by Google's Bouncer, an automated system for checking apps uploaded to the Google Play Store.
This is how Brain Test found its way onto the devices of its victims. The application ran a time bomb when the user opened it for the first time.
This function ran after a 20-second delay, once every 2 hours, and slowly downloaded and unzipped the code needed to gain root privileges on the victim's device.
As soon as it was able to get root, the Brain Test application could install another application, brother.apk, which checked whether the first one was running properly; if the first one had been removed by the user, brother.apk installed it again.