Security News > 2024 > July > Android spyware 'Mandrake' hidden in apps on Google Play since 2022

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store.

Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.

The cybersecurity firm says most downloads come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK. Unlike typical Android malware, which places malicious logic in the app's DEX file, Mandrake hides its initial stage in a native library, 'libopencv dnn.

The Mandrake threat remains alive, and while the five apps identified as droppers by Kaspersky are no longer available on Google Play, the malware could return via new, harder-to-detect apps.

Roid users are recommended only to install apps from reputable publishers, check user comments before installing, avoid granting requests for risky permissions that seem unrelated to an app's function, and make sure that Play Protect is always active.

Over 90 malicious Android apps with 5.5M installs found on Google Play.

News URL

https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/