Security News > 2024 > July > Android spyware 'Mandrake' hidden in apps on Google Play since 2022
A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store.
Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.
The cybersecurity firm says most downloads come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK. Unlike typical Android malware, which places malicious logic in the app's DEX file, Mandrake hides its initial stage in a native library, 'libopencv dnn.
The Mandrake threat remains alive, and while the five apps identified as droppers by Kaspersky are no longer available on Google Play, the malware could return via new, harder-to-detect apps.
Roid users are recommended only to install apps from reputable publishers, check user comments before installing, avoid granting requests for risky permissions that seem unrelated to an app's function, and make sure that Play Protect is always active.
Over 90 malicious Android apps with 5.5M installs found on Google Play.
News URL
Related news
- New Mandrake Spyware Found in Google Play Store Apps After Two Years (source)
- Google patches exploited Android zero-day on Pixel devices (source)
- CapraRAT Spyware Disguised as Popular Apps Threatens Android Users (source)
- 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (source)
- Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware (source)