July 30, 2024 at 10:04AM
A new version of the sophisticated Android spyware Mandrake has been discovered in five apps on the Google Play Store, where it remained undetected for two years. The malware includes obfuscation and evasion techniques and can collect device information, initiate screen sharing, and steal credentials. Researchers emphasize the evolving threat and Google’s continuous efforts to enhance defense mechanisms.
A new iteration of the Android spyware Mandrake has been discovered in several applications available for download from the Google Play Store. It remained undetected for two years, attracting over 32,000 installations before being removed. Researchers identified new obfuscation and evasion techniques used by Mandrake, including moving malicious functionality to obfuscated native libraries and using certificate pinning for C2 communications. The spyware is capable of sophisticated activities such as collecting device information, initiating remote screen sharing sessions, and stealing credentials. Google has commented that it is continuously strengthening Google Play Protect to defend against such threats and to include live threat detection to tackle obfuscation and anti-evasion techniques.