A music player app called Super Free Music Player managed to sneak its way past Google's security measures and was legitimately uploaded to its Play store.
The app, which has been downloaded possibly as many as 10,000 times, is in reality a malware host, according to SophosLabs researcher Rowland Yu. He first spotted the app on March 31 and says it used the same techniques as Brain Test malware to gain access to Google Play. Brain Test was first spotted by Check Point and implements several privilege exploits to gain root access on a device, installing persistent malware.
Once installed, the initial download “starts a service called com.hole.content.Erpbiobuft to decrypt and drop the payload,” Sophos noted, which is then run every hour. It checks to see if it is within the Android sandbox TaintDroid and then sets the timer for a second bomb to go off in eight hours. At this time the malicious payload is dropped, enabling the app to download additional malware.
Sophos has notified Google of the malignant app, but in the meantime said the best defense is to simply not download it.