Kaspersky Finds New Undetected Mandrak Spyware On Google Play
JAKARTA - Kaspersky researchers have identified a new spyware campaign that distributes Mandrak malware under the guise of legitimate applications related to crypto, astronomy, and utilities on Google Play.
First identified in 2020, Mandrake spyware is a state-of-the-art Android espionage platform that has been active since at least 2016.
Then in April 2024, Kaspersky found samples, which showed a new version of Mandrake. What is different from this new Mandrake variant is the addition of advanced fusion techniques to bypass Google Play security checks and hinder analysis.
Company experts have identified at least five applications containing the Mandrak spyware, which are collectively downloaded more than 32,000 times. All of these applications are published on Google Play in 2022, and are available for download for at least one year.
The applications were created under the guise of file sharing applications through Wi-Fi, astronomical service applications, Amber for Genshin games, crypto asset applications, and applications with logic puzzles.
As of July 2024, none of these applications have been detected as malware by any vendor, according to the Total Virus.
While this malicious app is no longer available on Google Play, the app is available in various countries with the majority of downloads occurring in Canada, Germany, Italy, Mexico, Spain, Peru, and the UK.
SEE ALSO:
After avoiding four years of detection in its initial version, the latest Mandrake campaign remains undetected on Google Play over the next two years. This shows the sophisticated skills of threat actors involved, Tatyana SHishkova, Main Security Researcher at GREAT (Global Research and Analysis Team) Kaspersky.
Furthermore, SHishkova argues this trend highlights that as tightening restrictions and security checks are getting tighter, the sophistication of threats is also increasingly difficult to detect.