Brain Test may sound like a medical exam, or even like an app, but it is neither. It is a form of malware, which affects Android devices.
The existence of such a malware, was first reported back in September 2015, when a few android apps were found to ship with it. But it appears that Brain Test has returned to haunt Google Play again.
Security Firm and mobile antivirus maker, LookOut, found not one 13 Android apps and games which contained the malware. Lookout then reported the issue to Google, which promptly removed the infected apps from the Google Play Store.
The apps in question, reportedly had lots of downloads and reviews, with one game supposedly having 10000-50000 installs, a 4.5 star rating with 23000+ reviews. Another one had 500,000 to 1,000,000 installs with a 4.5 star rating and nearly 80000 reviews. Shocking isn’t it?
How is this possible?
The games and apps were not published by one developer, and instead were distributed under different accounts. They were all found to be fully functional games/apps, but they did contain some malicious scripts which allowed them to download apps in the background without the user’s knowledge, and even automatically review the apps.
The Brain test Malware affected both rooted and unrooted devices, with a particularly bad effect on the former. On rooted devices, the malware would copy itself to the /system partitions, to remain even after a factory reset.
Malware on Android is no joke, ever heard of the Shedun, ShiftyBug and Shuanet malwares? These are the toughest malwares to get rid of. Unfortunately Brain Test is a similar one.
The only way to remove it from the device is to wipe the device completely, including the /system, and then install a custom ROM or stock firmware.
One of my friends was a victim of the dreaded Shedun malware, on his HTC Desire 620 Dual SIM phone. One of his friends installed an app on the device after which some message used to pop-up saying something about a firewall service. A scan with Lookout revealed that it was the Shedun malware.
Factory resets, and full wipes of the device did not get rid of the malware. Unfortunately the phone did not have any developer support, aka ROMs, and a stock firmware was not available either. So we could not erase the /system partition. The only option was to take it to a HTC Service Center and hope to get them to flash the firmware. Fortunately, the service center was able to do so, and did so for free, because the device was still in warranty.
This was lucky, as OEMs could charge a hefty fee, for a device which did not have a standing warranty.
It is and has, always been inevitable that popular operating systems are targeted my malware makers, and Android is no exception.We are not saying that an antivirus is necessary for Android devices, but a little caution would do you good.
Here are some ways to spot a fake app:
1. Look at the app’s permissions, if you find that they are irrelevant to the app, it is likely to be a spammy/malicious one.
2. Check the developer’s info provided at the Play Store Listing. Does it have a functional website, an email id related to the developer’s name or the app’s name, and a physical address with zip code (pin code)?
3. Check the screenshots of the app, and maybe a video if available.
4. Does the app’s description contain broken grammar or erroneous spelling?
Never download apps or visit links which are recommended by unknown senders in WhatsApp, Viber, etc. Instant messaging services are often used for spreading malware. And also, when updating apps and games from third party websites, make sure the hosting website is a legitimate source.
If none of those help you, a quick search on Google will likely return some information about the app, or even a query about it on Reddit, or you could ask a tech savvy friend about the app/game.