July 29, 2024 at 06:29PM
A new variant of the Android spyware ‘Mandrake’ was discovered in five Google Play apps downloaded 32,000 times. Kaspersky found that the updated version, delivered through these apps, has enhanced obfuscation and evasion. The spyware operates stealthily, prompting users to install further malicious APKs. Android users are urged to be cautious and only install apps from reputable sources.
From the meeting notes:
– A new variant of the Android spyware ‘Mandrake’ was found in five applications downloaded from Google Play.
– The apps remained available for at least a year, with the most successful one, AirFS, being removed at the end of March 2024.
– Kaspersky identified the five Mandrake-carrying apps: AirFS, Astro Explorer, Amber, CryptoPulsing, and Brain Matrix.
– Most downloads of the infected apps come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK.
– Mandrake’s new version hides its initial stage in a native library and evades detection using various methods.
– The spyware can perform malicious activities such as data collection, screen recording, command execution, simulation of user swipes and taps, file management, and app installation.
– Mandrake’s latest version features better evasion techniques, including checks for certain security measures.
– Kaspersky recommends that Android users be cautious: install apps only from reputable publishers, check user comments before installing, avoid granting risky permissions, and ensure that Play Protect is always active.