BrainTest

BrainTest is a family of Android malware. [1] [2]

ID: S0293
Aliases: BrainTest
Type: MALWARE
Platforms: Android

Version: 1.1

Alias Descriptions

| Name | Description |
|---|---|
| BrainTest | [1] [2] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1407 | Download New Code at Runtime | Original samples of BrainTest download their exploit packs for rooting from a remote server after installation.[2] |
| Mobile | T1404 | Exploit OS Vulnerability | Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[2] |
| Mobile | T1452 | Manipulate App Store Rankings or Ratings | BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.[2] |
| Mobile | T1400 | Modify System Partition | BrainTest uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.[2] |
| Mobile | T1406 | Obfuscated or Encrypted Payload | BrainTest stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.[2] |

References