Brain Test was a piece of malware masquerading as an Android app that tested the user's IQ.
Brain Test was discovered by security firm Check Point and was available in the Google Play app store until 15 September 2015.
Check Point described Brain Test as "A new level of sophistication in malware". Brain Test was uploaded on two occasions (com.zmhitlte.brain and com.mile.brain), starting in August 2015; both times Google's "Bouncer" failed to detect the malware. After the first removal on 24 August 2015 the software was reintroduced using an obfuscation technique. Tim Erin of Tripwire said, "Bypassing the vetting processes of Apple and Google is the keystone in a mobile malware campaign."
The malware turned out to include a rootkit, a revelation described as "more cunning than first thought".
The malware is thought to have been written by a Chinese actor, according to Shaulov of Check Point, based on its use of a packing/obfuscation tool from Baidu. Eleven Paths, a Telefonica-owned company, found links to many other pieces of malware, based on the ID used to access Umeng, the Internet domains accessed by the apps, and shared JPEG and PNG images.
It appears the app was first detected on a Nexus 5 using Check Point's Mobile Threat Prevention system. The fact that the system was unable to remove the malware alerted the software company's researchers that it was an unusual threat.
According to Check Point, it may be necessary to re-flash the ROM on a device if Brain Test has successfully installed a reinstaller in the system directory.
Features
The malware was uploaded in two forms. The packing feature was only present in the second.
* Evades detection by Google Bouncer by avoiding malicious behavior when running on Google servers, identified by IP addresses in the ranges 209.85.128.0–209.85.255.255, 216.58.192.0–216.58.223.255, 173.194.0.0–173.194.255.255 or 74.125.0.0–74.125.255.255, or by domain names containing "google", "android" or "1e100".
* Root exploits. Four exploits to gain root access were included, to account for variations in the kernels and drivers of different manufacturers and Android versions, which provide alternative paths to root.
* External payloads via a command and control system. Up to five external servers supplied variable payloads, believed to be primarily advertising related.
* Packing and time delay. The main malware payload is hidden in a sound file; the bootstrap code unpacks it after a time delay.
* Dual install and re-install. Two copies of the malware are installed; if one is removed, the other re-installs it.
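The Bouncer-evasion check in the list above can be reconstructed from the indicators it names. The Python below is an added example written for this page, not code from Brain Test or from Check Point's analysis: it encodes the four address ranges and three name fragments exactly as listed and reports which of them match a given address and host name. How the malware obtained the device's public address or any host name is not described here, so both are taken as hypothetical inputs, and the sample values at the bottom are constructed. Running the check against a sandbox's own egress address and reverse DNS name is one way to tell whether a sample gated this way would ever show its malicious behaviour there.

```python
import ipaddress

# Address ranges and name fragments the article reports Brain Test checks
# for before deciding it is running on Google's own infrastructure.
GOOGLE_RANGES = [
    ("209.85.128.0", "209.85.255.255"),
    ("216.58.192.0", "216.58.223.255"),
    ("173.194.0.0", "173.194.255.255"),
    ("74.125.0.0", "74.125.255.255"),
]
GOOGLE_NAME_MARKERS = ("google", "android", "1e100")

# Convert each first/last pair into the minimal set of CIDR networks
# covering it, once, so membership tests are cheap.
_GOOGLE_NETWORKS = [
    net
    for first, last in GOOGLE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]


def bouncer_indicators(public_ip, hostname=""):
    """Return the indicators that suggest the host is Google infrastructure.

    An empty list means none of the listed checks fired. `public_ip` is the
    device's externally visible address and `hostname` any reverse DNS or
    host name visible to the app; how the real malware learned either is
    not documented here, so both are hypothetical inputs.
    """
    hits = []
    try:
        addr = ipaddress.IPv4Address(public_ip)
    except ipaddress.AddressValueError:
        addr = None  # unparsable input is treated as "not Google"
    if addr is not None:
        for net in _GOOGLE_NETWORKS:
            if addr in net:
                hits.append(f"ip in {net}")
                break
    lowered = hostname.lower()
    for marker in GOOGLE_NAME_MARKERS:
        if marker in lowered:
            hits.append(f"hostname contains {marker!r}")
    return hits


def should_stay_dormant(public_ip, hostname=""):
    """The malware's decision: behave benignly when any indicator matches."""
    return bool(bouncer_indicators(public_ip, hostname))


if __name__ == "__main__":
    # Constructed sample inputs (TEST-NET-3 and example.net), not data
    # observed from the malware.
    for ip, host in [
        ("74.125.24.100", ""),
        ("203.0.113.7", "host-1e100.example.net"),
        ("203.0.113.7", "pool.example.net"),
    ]:
        verdict = "dormant" if should_stay_dormant(ip, host) else "active"
        print(f"{ip:15} {host or '-':25} {verdict:8} {bouncer_indicators(ip, host)}")
```

The name test is a plain substring match, so a reverse DNS name containing "1e100" or "google" is enough on its own to keep the sample dormant even when the address is outside the four ranges; an analysis environment that egresses through such an address or name will only ever observe the benign IQ-test behaviour.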
See also
* Shedun
* Xcode Ghost
References
External links
Detailed coverage at Forbes
Video from Graham Cluley on Brain Test
Washington Post
Android (operating system) malware
Mobile malware