Infects 32,000 Devices: New Spyware Campaign Exploits Google Play

The spyware had remained undetected for two years due to advanced camouflage techniques.

Researchers from Kaspersky have uncovered a sophisticated spyware campaign utilizing Mandrake malware, which has been distributed through seemingly legitimate apps on Google Play.

32,000 Devices Infected

According to Ziare, over 32,000 devices have been infected by Mandrake, which had remained undetected for two years due to advanced camouflage techniques employed by the hackers.

Mandrake, first identified by Bitdefender in 2020, was recognized as a sophisticated Android spyware active since 2016. The latest findings from Kaspersky, revealed in April 2024, indicate an updated version of Mandrake with enhanced features designed to evade detection and analysis.

These Apps are Infected

Key to the new Mandrake variant are its advanced camouflage strategies. These include:

  • Native Library Integration: The malware moves its malicious functionalities into native libraries, complicating detection by security systems.

  • Certificate Pinning: This technique secures communications with Command and Control (C2) servers, preventing data interception.

  • Advanced Testing: The malware conducts various tests to determine if it is running on a real device or in a virtualized environment, making analysis more difficult.

Kaspersky identified five infected applications on Google Play that contained Mandrake spyware. These apps, available for download for over a year, were:

  • AirFS (com.airft.ftrnsfr)

  • Amber (com.shrp.sght)

  • Astro Explorer (com.astro.dscvr)

  • Brain Matrix (com.brnmth.mtrx)

  • CryptoPulsing (com.cryptopulsing.browser)
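
A fleet check built on the package names listed above, as an added example that is not from the article or from Kaspersky: it parses the output of `adb shell pm list packages` (with or without `-f`) collected per device and reports exact matches only. The device ids and inventory text in `SAMPLE` are constructed sample data.

```python
import re

# Package names attributed to Mandrake in the article above.
MANDRAKE_PACKAGES = {
    "com.airft.ftrnsfr": "AirFS",
    "com.shrp.sght": "Amber",
    "com.astro.dscvr": "Astro Explorer",
    "com.brnmth.mtrx": "Brain Matrix",
    "com.cryptopulsing.browser": "CryptoPulsing",
}

# `pm list packages` prints "package:<name>"; with -f it prints
# "package:<apk path>=<name>". The apk path can itself contain "=",
# so the greedy prefix makes the capture start after the LAST "=".
_LINE = re.compile(r"^package:(?:.*=)?([A-Za-z0-9_.]+)$")

def parse_pm_list(output):
    """Return the set of package names found in `pm list packages [-f]` output."""
    names = set()
    for raw in output.splitlines():
        m = _LINE.match(raw.strip())  # strip() drops stray \r that adb may add
        if m:
            names.add(m.group(1))
    return names

def find_mandrake(inventories):
    """Map device id -> [(package, app name)] for exact package-name matches."""
    report = {}
    for device, output in inventories.items():
        hits = sorted(parse_pm_list(output).intersection(MANDRAKE_PACKAGES))
        if hits:
            report[device] = [(p, MANDRAKE_PACKAGES[p]) for p in hits]
    return report

# Constructed inventories: device-c holds a lookalike name that must NOT match.
SAMPLE = {
    "device-a": "package:com.android.settings\r\npackage:com.shrp.sght\r\n",
    "device-b": "package:/data/app/~~Zm9v==/com.airft.ftrnsfr-YmFy==/base.apk=com.airft.ftrnsfr\n"
                "package:/system/app/Calc/Calc.apk=com.android.calculator2\n",
    "device-c": "package:com.astro.dscvr.helper\npackage:com.example.notes\n",
}

if __name__ == "__main__":
    for device, hits in find_mandrake(SAMPLE).items():
        print(device, hits)
```

Matching on the full package name rather than a substring keeps unrelated apps with similar identifiers out of the report.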
