Mandrake Malware Resurfaces: 5 Android Apps Infected Over 32,000 Devices

BigGo Editorial Team

Mandrake Malware Makes a Comeback, Infecting Over 32,000 Android Devices

Kaspersky researchers have uncovered a new variant of the notorious Mandrake malware. Its latest carrier apps were uploaded to Google Play in 2022 and remained available there undetected, in the longest case for nearly two years. This sophisticated Android spyware, first publicly documented in 2020, has evolved specifically to pass Google's pre-publication checks and to slip past anti-virus detection on the device.

This image illustrates the intricate relationship between technology and security, mirroring the challenges posed by sophisticated malware like Mandrake on Android devices

Key Findings:

  • Five infected apps identified, collectively downloaded over 32,000 times
  • All five apps remained on Google Play for at least a year before removal
  • Predominantly affected users in Canada, Germany, Italy, Mexico, Spain, Peru, and the UK

Infected Apps to Delete Immediately:

  1. AirFS (30,305 installs)
  2. Astro Explorer (718 installs)
  3. Amber (19 installs)
  4. CryptoPulsing (790 installs)
  5. Brain Matrix (259 installs)

Enhanced Capabilities:

The new Mandrake variant combines obfuscation with several evasion and anti-analysis techniques, including:

  • Moving its malicious logic out of the app's Java/Kotlin code and into obfuscated native libraries, where store scanners and reverse engineers have a harder time finding it
  • Using certificate pinning on its command-and-control connections, so that researchers cannot intercept and inspect its traffic with a proxy
  • Bypassing Android 13's Restricted Settings feature, which is designed to stop sideloaded apps from being granted sensitive permissions such as accessibility access

Malware Functionality:

  • Collects device information and lists installed apps
  • Records screen activity
  • Steals credentials and cookies
  • Downloads and executes additional malicious applications
  • Sends fake Google Play notifications to trick users into installing more apps

Targeted Approach:

Mandrake operates in three stages (a dropper, a loader, and the core spyware). The first stage collects device information and reports it to the command-and-control server, and the later stages are only delivered to devices the operators judge worth infecting. This selective targeting keeps the full payload away from analysts' sandboxes and uninteresting victims, and is a major reason the campaign evaded detection for so long.

Google's Response:

Google has removed the infected apps and stated that Google Play Protect is continuously improving to combat such threats. However, the fact that the apps stayed listed for a year or more, accumulating over 32,000 installs, raises questions about how effective the current store-side checks are against a determined, well-resourced actor.

User Advice:

If you have downloaded any of the mentioned apps, delete them immediately and treat any credentials used on the device as potentially exposed. Treat an official app store as a filter rather than a guarantee: check an app's developer, reviews, and requested permissions before installing, keep Google Play Protect enabled, and keep the device's operating system and security software up to date.
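For anyone responsible for more than one device, checking by hand is error-prone. The following helper is an added example, not code from the article or from Kaspersky: it parses the output of `adb shell pm list packages -i`, matches installed packages against an indicator list keyed by package name, and emits the adb commands needed to remove any hit. The article names the apps only by their store labels, so the package names in the indicator table below are placeholders (`com.example.*`) to be replaced with the vendor's published indicators; matching is done on package name rather than label because labels are free-form and change between uploads. The sample `pm` output is constructed for the demonstration.

```python
"""Triage helper for the Mandrake carrier apps listed above.

Added example, not part of the original article. Feed it the output of
`adb shell pm list packages -i` (one `package:<name>  installer=<pkg>` line
per installed package) and an indicator table keyed by package name.
"""
import re
from typing import Dict, List

# PLACEHOLDER package names (hypothetical): the article gives only the store
# labels, so replace these keys with the vendor's published package names.
MANDRAKE_IOCS: Dict[str, str] = {
    "com.example.airfs": "AirFS",
    "com.example.astroexplorer": "Astro Explorer",
    "com.example.amber": "Amber",
    "com.example.cryptopulsing": "CryptoPulsing",
    "com.example.brainmatrix": "Brain Matrix",
}

# One line per installed package, as `pm list packages -i` prints it.
_LINE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<installer>\S+))?\s*$")


def parse_pm_list(pm_output: str) -> Dict[str, str]:
    """Map package name -> installer ('null' when none is reported)."""
    installed: Dict[str, str] = {}
    for line in pm_output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            installed[m.group("pkg")] = m.group("installer") or "null"
    return installed


def find_mandrake(pm_output: str, iocs: Dict[str, str] = MANDRAKE_IOCS) -> List[dict]:
    """Return one record per indicator hit, sorted by package name.

    Matching is on package name only: the store label is attacker-controlled
    text and is not a reliable identifier.
    """
    installed = parse_pm_list(pm_output)
    hits = [
        {"package": pkg, "label": label, "installer": installed[pkg]}
        for pkg, label in iocs.items()
        if pkg in installed
    ]
    return sorted(hits, key=lambda h: h["package"])


def removal_commands(serial: str, hits: List[dict]) -> List[str]:
    """adb command lines that remove each hit for the primary user."""
    return [f"adb -s {serial} shell pm uninstall --user 0 {h['package']}" for h in hits]


# Constructed sample: what `adb shell pm list packages -i` might print on a
# phone that installed one of the listed apps from Google Play.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.airfs  installer=com.android.vending
package:com.android.settings  installer=null
"""

if __name__ == "__main__":
    hits = find_mandrake(SAMPLE_PM_OUTPUT)
    for h in hits:
        print(f"{h['label']} ({h['package']}) installed via {h['installer']}")
    for cmd in removal_commands("emulator-5554", hits):
        print(cmd)
```

In live use, pipe `adb -s <serial> shell pm list packages -i` into `find_mandrake` for each connected device and review the generated commands before running them; the `installer=` field is worth keeping in the report, because a hit that shows `com.android.vending` confirms the app really came through Google Play rather than being sideloaded.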

The resurgence of Mandrake serves as a stark reminder of the evolving sophistication of mobile malware and the ongoing challenges in securing app marketplaces against determined adversaries.