BrainTest is a family of Android malware. [1] [2]

ID: S0293
Platforms: Android
Version: 1.1
Created: 25 October 2017
Last Modified: 11 December 2018

Techniques Used

Domain ID Name Use
Mobile T1407 Download New Code at Runtime

Original samples of BrainTest download their exploit packs for rooting from a remote server after installation.[2]

Mobile T1404 Exploit OS Vulnerability

Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[2]

Mobile T1452 Manipulate App Store Rankings or Ratings

BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.[2]

Mobile T1400 Modify System Partition

BrainTest uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.[2]

Mobile T1406 Obfuscated Files or Information

BrainTest stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.[2]