Android is one of the “preferred” operating systems of cybercriminals. It is the mobile operating system with the most users in the world, and it is also one of the most explored by attackers.
It has recently been revealed that there is malware that has been secretly spying on Android users for several years.
Alongside newly appearing Android malware, which is considered “zero day”, there is also malware that has been around for years. One such family, named Mandrake, has served as a spy tool for hackers who use it to spy on Android users.
Mandrake - the malware for Android that has been active for 4 years…
A group of Bitdefender researchers recently shared a white paper with some interesting revelations about the Mandrake malware. According to the paper, this malware has been active for over 4 years. During that time it remained undetected and was only "discovered" by Bitdefender in early 2020.
In a nutshell, the malware functioned as intelligent spyware, targeting Android users through phishing campaigns and fake apps. The investigators report that they detected at least two major waves of infection, one between 2016 and 2017 and another between 2018 and 2020. The researchers also found that the malware was available on the Google Play Store, “hidden” in 7 apps (OfficeScanner, Abfix, Converter currency XE, SnapTune Vid, CoinCast, Horoskope and Car News, all from different developers).
Upon reaching the target device, the malware ran in a three-stage process. The third stage was carried out only if the attackers considered the victim “interesting” enough to attack.
Its capabilities included:
- Obtain SMS messages from victims
- Send SMS to recipients of the attackers' choice
- Get the entire contact list
- Make phone calls
- Install / remove apps
- Get all user account data
- Record screen activity
- GPS tracking
- Initiate device reset
Investigators have yet to discover the origin of the attackers and their intentions. As there are not many details yet, it is very important that users be familiar with the apps they install on their devices. In case of doubt, always do some research to check whether the app is reliable.