A mobile security company has discovered a network of malicious applications on the official Android store that performed operations without the user's knowledge.
Google has removed 13 apps from the Play Store after a group of security researchers discovered abnormal behavior while the apps were running. The apps in question downloaded data without the user's knowledge and tried to obtain root permissions so that they could keep acting on the smartphone even after a factory reset. The titles removed by the Mountain View company also include some moderately successful apps.
Among these is Honey Comb, which had about a million downloads before Google forced its removal. The group of malware, known as Brain Test, was discovered by Lookout, a firm that specializes in mobile security. The 13 applications enjoyed a good reputation not only in download numbers but also in user ratings, which were on average very high. According to the security company, the malware itself is what was at work here.
From Lookout's official blog: "The explanation for the high ratings of the applications and the hundreds of thousands of downloads is the malware itself. Many of the suspect apps are fully functional games that are fun to play. These apps were able to use the compromised devices to download and positively review other malicious apps on the Play Store by the same authors. This helped to increase the number of downloads on the store."
| Application Name | Package Name |
| --- | --- |
| Cake Blast | com.zhtt.cakeblast |
| Jump Planet | com.galaxy.jumpplanet |
| Honey Comb | com.sweet.honeycomb |
| Crazy Block | com.crazy.block |
| Crazy Jilly | com.crazy.sugar |
| Tiny Puzzle | com.dot.tinypuzzle |
| Ninja Hook | com.sunshine.ninja |
| Piggy Jump | com.stupid.piggyjump |
| Just Fire | com.tomtom.justfire |
| Eat Bubble | com.fine.eatbubble |
| Hit Planet | com.smile.hitplanet |
| Cake Tower | com.beautiful.caketower |
| Drag Box | com.block.dragbox |
The malware tried to detect whether the user had root access on the smartphone and, if so, copied several files to the system partition to ensure its persistence even after a factory reset. This is a modus operandi seen in recent months in the Shedun, Shuanet and ShiftyBug malware families, which are very difficult, if not impossible in some cases, to remove permanently from the device.
Whereas in the November cases the infected applications were on third-party stores, the new case discovered by Lookout appears more worrying, given that the malware was hosted on the Google Play Store, which is pre-installed on most Android devices on the market.
The risks for the user were not very serious, since the malware only performed unauthorized downloads of other apps, but the infected apps were also designed to carry out a series of fraudulent actions on remote command.
If you have installed an application from the table, the best way to eliminate the new Brain Test malware family is to back up the sensitive data stored on the smartphone and install the official ROM provided by the manufacturer from scratch. A factory reset is insufficient in this case as well.
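To check a device against the table, the following added example (not from Lookout or the original article) matches the output of `adb shell pm list packages` against the 13 package names listed above. The function name `find_brain_test`, the variable names and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Package=app pairs copied from the table in this article.
BRAIN_TEST_APPS='com.zhtt.cakeblast=Cake Blast
com.galaxy.jumpplanet=Jump Planet
com.sweet.honeycomb=Honey Comb
com.crazy.block=Crazy Block
com.crazy.sugar=Crazy Jilly
com.dot.tinypuzzle=Tiny Puzzle
com.sunshine.ninja=Ninja Hook
com.stupid.piggyjump=Piggy Jump
com.tomtom.justfire=Just Fire
com.fine.eatbubble=Eat Bubble
com.smile.hitplanet=Hit Planet
com.beautiful.caketower=Cake Tower
com.block.dragbox=Drag Box'

# Reads `pm list packages` output on stdin (plain or -f form) and prints
# "package<TAB>app name" per exact match; exit status 0 on any match, else 1.
find_brain_test() {
    BT_LIST="$BRAIN_TEST_APPS" awk '
        BEGIN {
            n = split(ENVIRON["BT_LIST"], rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, "="); name[f[1]] = f[2] }
        }
        /^package:/ {
            sub(/\r$/, "")              # adb shell output may end lines with CR
            pkg = substr($0, 9)         # drop the "package:" prefix
            sub(/ .*$/, "", pkg)        # drop trailing fields such as " uid:10123"
            sub(/^.*=/, "", pkg)        # -f form: /path/base.apk=com.example
            if (pkg in name) { printf "%s\t%s\n", pkg, name[pkg]; hits++ }
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample input (not captured from a real device).
SAMPLE_PM_OUTPUT='package:com.android.settings
package:/data/app/com.sweet.honeycomb-1/base.apk=com.sweet.honeycomb
package:com.block.dragbox uid:10123
package:com.sweet.honeycomb.clone'

printf '%s\n' "$SAMPLE_PM_OUTPUT" | find_brain_test
```

On a connected device, run `adb shell pm list packages | find_brain_test`. A result with no matches does not rule out files already copied to the system partition, which the article says survive a factory reset.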