Lookout uncovered a batch of apps that are part of a malware family known as the Brain Trust. Apps with this vulnerability are able to gain root privilege to your device and, like cockroaches who survive a mass extinction, live on even if you perform a factory reset.
The apps had another scheme: they were able to assign themselves good reviews using the infected devices. This is how games like Cake Tower and Honey Comb were able to amass an average review score of 4.5 stars.
According to Lookout, the developers behind the malware were patient at choosing which type of apps to install and finding ways to gain access to more users. It’s a rather scary scenario, as those who stick to the Play Store are generally able to avoid such security problems.
Lookout published the full list of apps that were kicked out:
If you downloaded one of the aforementioned apps, you can use the Lookout Security app to scan your phone and see if it’s infected. Lookout recommends downloading and flashing a stock ROM to get back to safety since the malware can survive a factory reset. If that’s above your skill level, then you’ll need to get in touch with customer support from your phone’s manufacturer.
Why this matters: It’s rather curious how these apps were able to sneak through. The Play Store used to be a free-for-all, but now Google pre-screens and tests apps just like Apple does with the App Store. However, security is always a cat-and-mouse game, and Google will likely learn from this incident and develop some new protocols for catching this vulnerability.