Mandrake Android Malware Creeps Up On Google Play Store Again
Years after targeting Android users, the seemingly dormant Mandrake malware has reemerged with a sneaky campaign. Researchers found Mandrake quietly existing on the Google Play Store for at least a year, infecting thousands of users.
Mandrake Malware Sneakily Infected Numerous Play Store Apps
According to a recent report from Kaspersky, Mandrake Android malware has reappeared on the Google Play Store. The notorious spyware was found in five different applications on the Play Store and remained there between 2022 and 2024, garnering 32,000 downloads.
Mandrake malware first became known in 2020 when Bitdefender spotted it targeting Android users. Since then, the malware has enhanced its maliciousness, as evidenced by its recent variant.
Kaspersky researchers noticed “layers of obfuscation” in the malware code, which might have helped the malicious apps bypass Google Play Store security checks. Moreover, the malware also applies a stealthy communication strategy with its C&C server. It uses certificate pinning to prevent SSL traffic snooping. In addition, it applies various sandbox evasion and anti-analysis techniques to remain under the radar.
The researchers found the new Mandrake variant upon analyzing a suspicious app. In total, they found the following five apps from three developers carrying the malware.
| Application name on Google Play Store | App package | Developer name |
| --- | --- | --- |
| AirFS | com.airft.ftrnsfr | it9042 |
| Astro Explorer | com.astro.dscvr | shevabad |
| Amber | com.shrp.sght | kodaslda |
| CryptoPulsing | com.cryptopulsing.browser | shevabad |
| Brain Matrix | com.brnmth.mtrx | kodaslda |
All five apps appeared on the Google Play Store in 2022 and stayed there until 2023, except one, AirFS, which was last updated in March 2024 before being removed. The latter also seemed to be the most popular app of all five, attracting over 10,000 downloads.
In their report, the researchers have presented a detailed technical analysis of the new Mandrake variant. While the exact identity of the threat actor behind the latest campaign remains unknown, Kaspersky believes it must be the same threat actor group that first executed the 2020 campaign caught by Bitdefender.
As for the victims, most are located in the UK, Germany, Canada, Mexico, Spain, Italy, and Peru.