More Brain Test malware apps found in Play Store by Lookout


Anti-virus and security company Lookout is reporting today that they discovered several apps in the Google Play Store that are part of the Brain Test family of malware. Brain Test attempts to gain root privilege on Android devices and can persist even through factory resets or other measures taken by users to remove it once discovered. Google has already removed 13 new apps that were identified in Lookout’s latest efforts.

The tale of Brain Test malware begins back in September 2015 when Checkpoint reported two suspicious apps to Google. After removing those apps, Lookout continued to monitor some apps in the Play Store that appeared to be connected to the developers who were behind Brain Test. For the next 2-3 months, the applications continued to rack up installs and positive reviews in the Play Store as the developers appeared to be testing methods for propagating their code via the Play Store.

Just before Christmas, one of the games called Cake Tower received an update that triggered new functionality. The bad news was that functionality involved code to connect to a command and control server to receive further instructions and payloads. With that change, Lookout says they were able to “connect the dots” and confirm on December 29th that all of the apps were in fact delivery platforms for the Brain Test malware.

One of the goals of Brain Test is to provide positive ratings and installs for other apps produced by the same developers. This not only helped the developers make money off of guaranteed apk install targets being met, it also helped them build an even larger network of compromised devices. While creating guaranteed installs of apps is relatively innocuous, the network could clearly be used for more malicious purposes.

Lookout also determined that Brain Test contains another annoying feature. The malware will copy files to the /system partition if it determines a device is rooted. By doing this, Brain Test is able to survive user’s attempts to reset a device using the Factory Reset option. The only way to effectively remove Brain Test at that point is to reflash a device with a new ROM.

The list below are the most recent apps discovered to be part of the Brain Test malware family:

  • Cake Blast
  • Jump Planet
  • Honey Comb
  • Crazy Block
  • Crazy Jelly
  • Tiny Puzzle
  • Ninja Hook
  • Piggy Jump
  • Just Fire
  • Eat Bubble
  • Hit Planet
  • Cake Tower
  • Drag Box

UPDATE @ 11:00AM ET, 1/7/16: As per suggestion, we’re including a list of the app names and their package names because developers with apps of the same name are experiencing mass uninstalls.


The discovery of Brain Test in the Play Store comes shortly after Lookout discovered apps in the Play Store that included code from the FruitSMS malware family. The company is continuing to monitor apps for additional attempts to use the Play Store as a delivery mechanism for malicious code.

source: Lookout

About the Author: Jeff Causey

Raised in North Carolina, Jeff Causey is a licensed CPA in North Carolina. Jeff's past Android devices include an HTC EVO, a Samsung Note II, an LG G3, and a Motorola Moto X Pure Edition along with a Samsung Galaxy Tablet 10.1. He currently uses a Samsung Galaxy S8 and (very rarely) a Nexus 7 (2013). He is also using a Verizon-branded Motorola Moto Z Play Droid supplied by his job. Jeff used to have a pair of Google Glass and a Moto 360 Sport in his stable of gadgets. Unfortunately, his kids have all drunk the Apple Kool-Aid and have i-devices. Life at home often includes demonstrations of the superiority of his Android based devices. In his free time, Jeff is active an active runner usually training for his next marathon, owns a MINI Cooper, and plays Dungeons & Dragons. Jeff has three mostly grown kids and a golden retriever.

  • Zachary Dahlin

    Yeah Thiago lopes Rosa is right.. and also get good anti virus on your phone for safe downloading.