
Cake Tower-related rooting apps found in Google Play


Researchers discovered 13 apps in the Google Play store containing malware, several of which are capable of rooting phones and cannot be removed by factory reset or any other method, according to a Lookout blog post.

Devices infected with these malware strains must be replaced -- or re-flashed with a ROM supplied by the device's manufacturer, Lookout Senior Security Analyst Chris Dehghanpoor said. The company recommended that users check with device-makers to determine the best solution.

The applications, discovered by Lookout researchers, are related to malware discovered in a game called Brain Test that was found in the Google Play store in September. The malicious applications behave similarly to the phone-rooting malicious adware discovered by Lookout in November.

The applications' developers created several highly rated apps in the Play store. The infected applications were difficult to detect because they “rely heavily on instructions from the command and control server,” Dehghanpoor said.

Dehghanpoor said the developers published an update on December 23 to a game called Cake Tower, one of the malicious apps. The update loaded an encrypted persistent SDK packet. This enabled the apps to execute arbitrary commands on the devices.

The applications discovered in November were outside of the Google Play store and disguised as popular apps, such as Okta, Facebook, Twitter, WhatsApp, and NYTimes.

“The explanation for the apps' high ratings and hundreds-of-thousands of downloads is the malware itself,” Dehghanpoor wrote on the Lookout blog. “Some are highly rated because they are fun to play. Mischievously, though, the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors.”

Google confirmed in an email that the malicious applications were removed from the Google Play store. “We take security seriously, and Android is built from the ground up to be very secure,” a Google representative wrote in the email. “When you look at Android, there is an entire industry that has a vested interest in positioning themselves negatively against Android.”

UPDATE: This article has been updated with further detail on the remediation process.
