Tech News
Mandrake Android Malware Creeps Up On Google Play Store Again
Years after targeting Android malware, the seemingly dormant Mandrake malware reemerges with a sneaky campaign. Researchers found Mandrake quietly existing on the Google Play Store for at least a year, infecting thousands of users.
Mandrake Malware Sneakily Infected Numerous Play Store Apps
According to a recent report from Kaspersky, Mandrake Android malware has reappeared on the Google Play Store. The notorious spyware was found in five different applications on the Play Store and remained there for 2022 and 2024, garnering 32,000 downloads.
Mandrake malware first became known in 2020 when Bitdefender spotted it targeting Android users. Since then, the malware has enhanced its maliciousness, as evident by its recent variant.
Kaspersky researchers noticed “layers of obfuscation” in the malware code, which might have helped the malicious apps bypass Google Play Store security checks. Moreover, the malware also applies a stealthy communication strategy with its C&C server. It uses certificate pinning to prevent SSL traffic snooping. In addition, it applies various sandbox evasion and anti-analysis techniques to remain under the radar.
The researchers found the new Mandrake variant upon analyzing a suspicious app. In total, they found the following five apps from three developers carrying the malware.
| Application name on Google Play Store | App package | Developer name |
| AirFS | com.airft.ftrnsfr | it9042 |
| Astro Explorer | com.astro.dscvr | shevabad |
| Amber | com.shrp.sght | kodaslda |
| CryptoPulsing | com.cryptopulsing.browser | shevabad |
| Brain Matrix | com.brnmth.mtrx | kodaslda |
All five apps appeared on the Google Play Store in 2022 and stayed there until 2023, except one, AirFS, which was last updated in March 2024 before being removed. The latter also seemed to be the most popular app of all five, attracting over 10,000 downloads.
In their report, the researchers have presented a detailed technical analysis of the new Mandrake variant. While the exact entity of the threat actor behind the latest campaign remains unknown, Kaspersky believes it must be the same threat actor group that first executed the 2020 campaign caught by Bitdefender.
As for the victims, most users belong to the UK, Germany, Canada, Mexico, Spain, Italy, and Peru.
Let us know your thoughts in the comments.
10 Powerful Ways to Invest in Yourself and Restart Your Self Growth
10 Tips to Prevent Cavities in Kids: A Parent’s Guide
Israeli soldiers pushed three apparently lifeless bodies from roofs during a West Bank raid
YEAH! YOU WANT “THOSE GAMES,” RIGHT? SO HERE YOU GO! NOW, LET’S SEE YOU CLEAR THEM! 1+2 announced
Do you need an expensive record player?
Sony’s throwback PS5 Pro limited edition takes us back to the 90s
Commuters warned of delays amid Commercial Broadway Station escalator replacement – BC
Lorne Michaels Weighs In On Who Will Play Donald Trump On ‘SNL’ Season 50
UPDATE: It’s actually happening: Palworld developer Pocketpair is being sued by Nintendo and The Pokémon Company
YouTube Now Displays Adverts When Paused
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
The Top 20 Motivational Instagram Accounts to Follow (2024)
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
Our new fixed tours are your ultimate Aussie & Kiwi adventure!
Democrats and allies to flood airwaves, drop more than $125M on abortion push
Family Holiday Checklist | What To Pack Family Holiday
Concord price, beta, preorder details for PS5 and PC confirmed
Turkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
Tim Scott Makes New Push to Woo Black and Hispanic Republicans
Epic Bus Tours New Zealand
-
Tech News3 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation3 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Self Development4 months agoDon’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Destination4 months agoOur new fixed tours are your ultimate Aussie & Kiwi adventure!
-
Breaking News4 months agoDemocrats and allies to flood airwaves, drop more than $125M on abortion push
-
Activities3 months agoFamily Holiday Checklist | What To Pack Family Holiday
-
Gaming3 months agoConcord price, beta, preorder details for PS5 and PC confirmed
-
Destination3 months agoTurkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA