S0293 BrainTest
BrainTest is a family of Android malware. [1][2]
Item | Value |
---|---|
ID | S0293 |
Type | MALWARE |
Version | 1.0 |
Created | 25 October 2017 |
Last Modified | 15 April 2022 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1645 | Compromise Client Software Binary | BrainTest uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset. [2] |
mobile | T1407 | Download New Code at Runtime | Original samples of BrainTest download their exploit packs for rooting from a remote server after installation. [2] |
mobile | T1404 | Exploitation for Privilege Escalation | Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples. [2] |
mobile | T1643 | Generate Traffic from Victim | BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store. [2] |
mobile | T1406 | Obfuscated Files or Information | BrainTest stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime. [2] |
References
1. Andrey Polkovnichenko and Alon Boxiner. (2015, September 21). BrainTest – A New Level of Sophistication in Mobile Malware. Retrieved December 21, 2016.
2. Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.