Brain Test

Android-based malware

Brain Test was a piece of malware masquerading as an Android app that tested the users' IQ. Brain Test was discovered by security firm Check Point and was available in the Google Play app store until 15 September 2015. Check Point described Brain Test as "A new level of sophistication in malware".

Brain Test was uploaded on two occasions (com.zmhitlte.brain and com.mile.brain), starting in August 2015; both times Google's "Bouncer" failed to detect the malware. After the first removal on 24 August 2015 the software was reintroduced using an obfuscation technique. Tim Erin of Tripwire said: "Bypassing the vetting processes of Apple and Google is the keystone in a mobile malware campaign."

The malware turned out to include a rootkit, the revelation being described as "more cunning than first thought".

The malware is thought to have been written by a Chinese actor, according to Shaulov of Check Point, based on the use of a packing/obfuscation tool from Baidu. Eleven Paths, a Telefonica-owned company, found links to many other pieces of malware, based on the id used to access Umeng, Internet domains accessed by the apps, and shared jpg and png images.

It appears the app was first detected on a Nexus 5 using Check Point's Mobile Threat Prevention System. The fact that the system was unable to remove the malware alerted the software company's researchers that it was an unusual threat.

According to Check Point, it may be necessary to re-flash the ROM on a device if Brain Test has successfully installed a reinstaller in the system directory.

Features

- Evades detection by Google Bouncer by avoiding malicious behavior while running on Google servers, identified by IP addresses in the ranges 209.85.128.0–209.85.255.255, 216.58.192.0–216.58.223.255, 173.194.0.0–173.194.255.255 or 74.125.0.0–74.125.255.255, or by domain names containing "google", "android" or "1e100".
- Root exploits. Four exploits to gain root access to the system were included, to account for variations in the kernel and drivers of different manufacturers and Android versions, which provide alternative paths to root.
- Packing and time delay. The main downloaded malware portion sits in a sound file; the bootstrap code unpacks it after a time delay.
- Dual install and re-install. Two copies of the malware are installed; if one is removed, the other re-installs it.
- External payloads via a command and control system. The system used up to five external servers to provide a variable payload, believed to be primarily advertising related.

The malware was uploaded in two forms; the packing feature was only present in the second.
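The Bouncer-evasion check in the Features list above, reimplemented as an added example. This is not Brain Test's own code and not Check Point's: the CIDR blocks are the equivalent form of the four quoted address ranges, the substrings are the three quoted domain markers, and the function names and the sample sandbox list are assumptions made for illustration. Besides showing the malware's decision, it turns the rule around so a defender can test whether a given analysis environment would be fingerprinted by it.

```python
"""Bouncer-evasion decision reimplemented from the ranges quoted above.

Added example, not Brain Test's own code: the networks below are the
CIDR form of the four quoted address ranges, the substrings are the three
quoted domain markers, and the function names and sample sandbox list are
assumptions made for illustration.
"""
import ipaddress

# Each quoted range maps to exactly one CIDR block:
# 209.85.128.0-209.85.255.255 is /17, 216.58.192.0-216.58.223.255 is /19,
# the other two are whole /16 networks.
GOOGLE_RANGES = [
    ipaddress.ip_network("209.85.128.0/17"),
    ipaddress.ip_network("216.58.192.0/19"),
    ipaddress.ip_network("173.194.0.0/16"),
    ipaddress.ip_network("74.125.0.0/16"),
]

# Substrings the malware is reported to look for in the domain name.
GOOGLE_DOMAIN_MARKERS = ("google", "android", "1e100")


def ip_in_google_ranges(ip: str) -> bool:
    """True if ip falls inside one of the four ranges the malware checks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable strings never match
    return any(addr in net for net in GOOGLE_RANGES)


def domain_looks_like_google(hostname: str) -> bool:
    """Case-insensitive substring match on the three quoted markers."""
    lowered = hostname.lower()
    return any(marker in lowered for marker in GOOGLE_DOMAIN_MARKERS)


def stays_dormant(ip: str, hostname: str) -> bool:
    """The malware's decision: suppress malicious behavior if either test fires."""
    return ip_in_google_ranges(ip) or domain_looks_like_google(hostname)


def fingerprinted_sandboxes(sandboxes):
    """Defender view: names of the (name, egress_ip, hostname) entries in which
    the sample would play dormant and so never show its payload."""
    return [name for name, ip, host in sandboxes if stays_dormant(ip, host)]


# Constructed sample: three hypothetical analysis environments.
SAMPLE_SANDBOXES = [
    ("gce-analysis-vm", "173.194.10.22", "vm-7.c.example.internal"),  # egress inside 173.194.0.0/16
    ("lab-rack-3", "198.51.100.8", "sandbox3.lab.example"),           # documentation range, no match
    ("cloud-box", "203.0.113.40", "runner.android-lab.example"),      # hostname contains "android"
]

if __name__ == "__main__":
    for name in fingerprinted_sandboxes(SAMPLE_SANDBOXES):
        print(f"{name}: sample would stay dormant here")
```

Two things worth noticing when running it: the check is narrow (8.8.8.8, a Google address outside the four listed blocks, does not match), so a sandbox only needs an egress address outside those blocks and a hostname free of the three strings to see the real behavior; and the ranges are a 2015 snapshot of the article's text, not a current list of Google address space.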
See also

- Shedun
- Xcode Ghost

References

1. Polkovnichenko, Andrey; Boxiner, Alon (21 September 2015). "BrainTest – A New Level of Sophistication in Mobile Malware". Retrieved 27 November 2015.
2. Graham Cluley (23 September 2015). "Malware hits the Google Play Android app store again (and again)".
3. Cett, Hans (2 November 2015). "Brain Test malware more cunning than 1st thought". GoMo News. Archived from the original on 26 November 2015. Retrieved 27 November 2015.
4. Detailed coverage at Forbes: "Chinese Cybercriminals Breached Google Play To Infect 'Up To 1 Million' Androids".
5. Kerner, Sean Michael (21 September 2015). "Malicious Brain Test App Thwarts Google Play Android Security". eweek.com. Retrieved 27 November 2015.

External links

- Detailed coverage at Forbes
- Video from Graham Cluley on Brain Test
- Washington Post. Archived 26 November 2015 at the Wayback Machine.

Categories: Android (operating system) malware; Mobile malware