Security News > 2024 > July > Android spyware 'Mandrake' hidden in apps on Google Play since 2022
A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store.
Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.
The cybersecurity firm says most downloads come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK. Unlike typical Android malware, which places malicious logic in the app's DEX file, Mandrake hides its initial stage in a native library, 'libopencv dnn.
The Mandrake threat remains alive, and while the five apps identified as droppers by Kaspersky are no longer available on Google Play, the malware could return via new, harder-to-detect apps.
Roid users are recommended only to install apps from reputable publishers, check user comments before installing, avoid granting requests for risky permissions that seem unrelated to an app's function, and make sure that Play Protect is always active.
Over 90 malicious Android apps with 5.5M installs found on Google Play.
News URL
Related news
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)