Mandrake Android Malware Creeps Up On Google Play Store Again - آپا
Mandrake Android Malware Creeps Up On Google Play Store Again
- 05 Aug 2024
- News Code: 2411392
- 1113
Years after targeting Android malware, the seemingly dormant Mandrake malware reemerges with a sneaky campaign. Researchers found Mandrake quietly existing on the Google Play Store for at least a year, infecting thousands of users. Mandrake Malware Sneakily Infected Numerous Play Store Apps According to a recent report from Kaspersky, Mandrake Android malware has reappeared on the Google Play Store. The notorious spyware was found in five different applications on the Play Store and remained there for 2022 and 2024, garnering 32,000 downloads. Mandrake malware first became known in 2020 when Bitdefender spotted it targeting Android users. Since then, the malware has enhanced its maliciousness, as evident by its recent variant. Kaspersky researchers noticed “layers of obfuscation” in the malware code, which might have helped the malicious apps bypass Google Play Store security checks. Moreover, the malware also applies a stealthy communication strategy with its C&C server. It uses certificate pinning to prevent SSL traffic snooping. In addition, it applies various sandbox evasion and anti-analysis techniques to remain under the radar. The researchers found the new Mandrake variant upon analyzing a suspicious app. In total, they found the following five apps from three developers carrying the malware. Application name on Google Play Store App package Developer name AirFS com.airft.ftrnsfr it9042 Astro Explorer com.astro.dscvr shevabad Amber com.shrp.sght kodaslda CryptoPulsing com.cryptopulsing.browser shevabad Brain Matrix com.brnmth.mtrx kodaslda All five apps appeared on the Google Play Store in 2022 and stayed there until 2023, except one, AirFS, which was last updated in March 2024 before being removed. The latter also seemed to be the most popular app of all five, attracting over 10,000 downloads. In their report, the researchers have presented a detailed technical analysis of the new Mandrake variant. While the exact entity of the threat actor behind the latest campaign remains unknown, Kaspersky believes it must be the same threat actor group that first executed the 2020 campaign caught by Bitdefender. As for the victims, most users belong to the UK, Germany, Canada, Mexico, Spain, Italy, and Peru.
References:
https://latesthackingnews.com/2024/07/31/mandrake-android-malware-creeps-up-on-google-play-store-again/