Security News > 2024 > July > Android spyware 'Mandrake' hidden in apps on Google Play since 2022
A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store.
Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.
The cybersecurity firm says most downloads come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK. Unlike typical Android malware, which places malicious logic in the app's DEX file, Mandrake hides its initial stage in a native library, 'libopencv dnn.
The Mandrake threat remains alive, and while the five apps identified as droppers by Kaspersky are no longer available on Google Play, the malware could return via new, harder-to-detect apps.
Roid users are recommended only to install apps from reputable publishers, check user comments before installing, avoid granting requests for risky permissions that seem unrelated to an app's function, and make sure that Play Protect is always active.
Over 90 malicious Android apps with 5.5M installs found on Google Play.
News URL
Related news
- New North Korean Android spyware slips onto Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)