Cake Tower-related rooting apps found in Google Play

Researchers discovered 13 apps related to the malicious game Brain Test in the Google Play store.
Researchers discovered 13 apps related to the malicious game Brain Test in the Google Play store.

Researchers discovered 13 apps in the Google Play store containing malicious malware, several of which are capable of rooting phones and cannot be removed by factory reset or any other method, according to a Lookout blog post.

Devices infected with these malware strains must be replaced -- or re-flashed with a ROM supplied by the device's manufacturer, Lookout Senior Security Analyst Chris Dehghanpoor told SCMagazine.com. The company recommended that users check with device-makers to determine the best solution.

The applications, discovered Lookout researchers, are related to malware discovered in a game called Brain Test that was found in the Google Play store in September. The malicious applications behave similarly to the phone-rooting malicious adware discovered by Lookout in November.

The applications' developers created several highly-rated apps in the Play store. The infected applications were difficult to detect because they “rely heavily on instructions from the command and control server,” Dehghanpoor said.

Dehghanpoor said the developers published an update on December 23 to a game called Cake Tower, one of the malicious apps. The update loaded an encrypted persistent SDK packet. This enabled the apps to execute arbitrary commands on the devices.

The applications discovered in November were outside of the Google Play store, and disguised as popular apps, such as Okta, Facebook, Twitter, WhatApp, and NYTimes.

“The explanation for the apps' high ratings and hundreds-of-thousands of downloads is the malware itself,” Dehghanpoor wrote on the Lookout blog. “Some are highly rated because they are fun to play. Mischievously, though, the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors.”

In an email to SCMagazine.com, Google confirmed that the malicious applications were removed from the Google Play store. “We take security seriously, and Android is built from the ground up to be very secure,” a Google representative wrote in an email to SCMagazine.com. “When you look at Android, there is an entire industry that has a vested interest in positioning themselves negatively against Android."

UPDATE: This article has been updated with further detail on the remediation process.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS