On Wednesday, the mobile security firm Lookout stated that not all apps in the Google Play Store are legitimate software. This came after it discovered 13 apps that were able to gain root privileges, making them impossible to remove either by uninstalling the app or by performing a factory reset.
Check Point had initially spotted this type of malware back in September 2015. The malware was using privilege escalation to install a rootkit on the victim's device. In October, it was discovered in the Google Play Store. Those apps were removed, but in December similar Brain Test malware from the same developer was again discovered in the Google Play Store.
The central question after the discovery of this malware is how it found its way into the Google Play Store. Chris Dehghanpoor stated that these apps got into the Google Play Store disguised as legitimate-looking games. The malware was downloaded heavily: Honeycomb, for example, had a million downloads, and Cake Tower had been downloaded between 10,000 and 50,000 times before they were removed. This was alongside older samples that had at least half a million downloads.
Lookout stated that over two to three months these developers used different names, techniques, and games to observe what would get published on Play. An older Brain Test variant was able to gain root privileges while opening a backdoor connection to a command-and-control server. Lookout also stated that the primary goal of the apps was to download and install additional APKs: infected devices were used to download other apps from the same developer, inflating their download counts. The apps could also post positive reviews for those other apps, earning them favorable ratings.
Since these apps were part of an affiliate program that rewards users and website owners through a pay-per-install scheme, the authors of this malware were making substantial profits by infecting smartphones with these unwanted apps.
Most of these apps did no significant damage to the phone itself, but removing them is difficult: a factory reset only wipes the user-data partition, so it does not touch files a rooted app has written to the system partition. The best option is to back up your data and then reflash the ROM provided by the device maker.
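One quick way to check a device for an app that has planted itself on the system partition is to look at where each installed package's APK lives. The script below is an added example, not code from the article or from Lookout: it parses the output format of Android's `pm list packages -f` (`package:<apk path>=<package name>`) and flags packages whose APK sits under /system but whose name is outside the platform's own `android` / `com.android.*` namespace. Legitimate user installs live under /data/app, which a factory reset wipes; anything under /system/app or /system/priv-app survives both "Uninstall" and a reset. The sample package list embedded in the script is constructed for the demonstration, and the namespace filter is a heuristic (a rootkit could pick a `com.android.*` name), so treat the output as a list to review, not a verdict.

```shell
#!/bin/sh
# Added example: flag third-party packages whose APK lives on /system.
# Run it against a real device with:
#   adb shell pm list packages -f | sh this_script.sh   (after removing the demo line)
# or source it and pipe `adb shell pm list packages -f` into find_system_resident.

# Constructed sample of `pm list packages -f` output (not captured from a real device).
SAMPLE='package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/system/app/com.evil.game-1/base.apk=com.evil.game
package:/system/framework/framework-res.apk=android'

# Reads pm output on stdin and prints "<package> <apk path>" for every package
# whose APK path starts with /system/ and whose name is not android or com.android.*.
find_system_resident() {
    # Split each "package:<path>=<name>" line into "<path> <name>".
    sed -n 's/^package:\(.*\)=\(.*\)$/\1 \2/p' | while read -r path name; do
        case "$path" in
            /system/*) ;;          # candidate: lives on the system partition
            *) continue ;;         # /data/app etc.: a normal, removable install
        esac
        case "$name" in
            android|com.android.*) continue ;;   # platform namespace (heuristic)
        esac
        printf '%s %s\n' "$name" "$path"
    done
}

# Convenience wrapper: number of suspicious system-resident packages on stdin.
count_system_resident() {
    find_system_resident | wc -l | tr -d ' '
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE" | find_system_resident
```

On the sample above the script reports only `com.evil.game`, which is exactly the kind of package that "Uninstall" and a factory reset will not remove and that justifies reflashing the vendor ROM.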