Google banishes 13 militant, malware-sporting apps from the Play Store

The 'Brain Trust' malware family not only gains root access to your device, but can assign five-star reviews to its infected apps.

android security danger
Credit: Shutterstock

A sneaky crew of 13 apps with relatively high ratings have vanished from the Play Store after security researchers discovered their hidden motives.

Lookout uncovered a batch of apps that are part of a malware family known as the Brain Trust. Apps with this vulnerability are able to gain root privilege to your device and, like cockroaches who survive a mass extinction, live on even if you perform a factory reset. 

The apps had another scheme: they were able to assign themselves good reviews using the infected devices. This is how games like Cake Tower and Honey Comb were able to amass an average review score of 4.5 stars.

play store malware apps Lookout Blog

Cake Tower and Honey Comb offered malware disguised as harmless treats.

According to Lookout, the developers behind the malware were patient at choosing which type of apps to install and finding ways to gain access to more users. It’s a rather scary scenario, as those who stick to the Play Store are generally able to avoid such security problems. 

Lookout published the full list of apps that were kicked out:

malicious apps Lookout Blog

Lookout uncovered a total of 13 apps using the Brain Trust vulnerability.

If you downloaded one of the aforementioned apps, you can use the Lookout Security app to scan your phone and see if it’s infected. Lookout recommends downloading and flashing a stock ROM to get back to safety since the malware can survive a factory reset. If that’s above your skill level, then you’ll need to get in touch with customer support from your phone's manufacturer.

Why this matters: It’s rather curious how these apps were able to sneak through. The Play Store used to be a free-for-all, but now Google pre-screens and tests apps just like Apple does with the App Store. However, security is always a cat-and-mouse game, and Google will likely learn from this incident and develop some new protocols for catching this vulnerability.

To comment on this article and other Greenbot content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.