Cybersecurity experts recently disclosed a strain of Android malware that has been quietly infecting smartphones for years.
The researchers call the malware Mandrake. It gives its operators full backdoor access to an infected phone, and it is effectively invisible to the user, which makes it very difficult to detect and trace.
According to the researchers, Mandrake is spyware. It can run legitimate Android applications on the victim's behalf, and once installed on a target it can collect almost any data it wants from the device.
The operators can essentially browse and harvest all of the user's data on the phone: account information, login credentials, and even GPS location. The malware can also take screenshots and send them to a remote server, all while carefully wiping its own tracks.
Security researchers at Bitdefender were the first to track and catalog Mandrake. According to the team, the malware has been active since 2016. Early on it specifically targeted users in Australia, but its operation has since gone global.
In a statement, Bitdefender Threat Researcher Bogdan Botezatu says:
“The ultimate goal of Mandrake is complete control of the device, as well as account compromise. This is one of the most potent pieces of Android malware we have seen until now.”
Scope of operations
Bitdefender's researchers were able to track Mandrake's operations after the malware expanded its reach; it now targets users in the United States and Europe.
The researchers believe Mandrake's success stems from how long it stayed hidden. Its operators went as far as developing and maintaining several apparently legitimate applications on the Google Play Store.
Through social engineering, the operators convinced users to download and install these apps. Most of them serve no ads and regularly receive new content, which helps them pass as ordinary software.
The researchers say Mandrake evaded detection by delivering its payload in multiple stages. The app published on the Google Play Store contains no malicious code itself; once installed, however, it connects to a remote server and downloads the rest of the payload.
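The staged delivery described above leaves a recognizable pattern on the device: a freshly installed app makes an outbound connection and then loads executable code from its own private storage rather than from the APK that was installed. The following Python script is an added illustration, not code from the article or from Bitdefender's report, of how a defender might flag that sequence in device event logs. The log format, package names, paths and addresses are all constructed for the example and are not Mandrake indicators.

```python
"""Flag apps that fetch and load code after installation (staged droppers).

Added example. The event-log format, package names, IPs (TEST-NET-2 range)
and file paths below are constructed for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    ts: datetime
    kind: str            # "install", "net" or "load"
    pkg: str
    attrs: Dict[str, str]


def parse_line(line: str) -> Event:
    """Parse '<iso-timestamp> <kind> key=value ...' into an Event."""
    ts, kind, *kv = line.split()
    attrs = dict(item.split("=", 1) for item in kv)
    return Event(datetime.fromisoformat(ts), kind, attrs.pop("pkg"), attrs)


def is_private_code_path(pkg: str, path: str) -> bool:
    """True when code is loaded from the app's writable data directory.

    Code that belongs to the installed APK lives under /data/app/...;
    a .dex/.apk/.jar under the app's own data directory had to be written
    there at runtime, typically after being downloaded.
    """
    private_roots = (f"/data/data/{pkg}/", f"/data/user/0/{pkg}/")
    return path.startswith(private_roots) and path.endswith((".dex", ".apk", ".jar"))


def find_staged_installs(lines: List[str],
                         window: timedelta = timedelta(hours=24)) -> Dict[str, List[str]]:
    """Return {package: [loaded code paths]} for packages that, within
    `window` after installation, made a network connection and then loaded
    code from their private storage."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    installed_at = {e.pkg: e.ts for e in events if e.kind == "install"}
    saw_net = set()
    hits: Dict[str, List[str]] = {}
    for e in events:
        t0 = installed_at.get(e.pkg)
        if t0 is None or not (t0 <= e.ts <= t0 + window):
            continue                       # no install baseline, or outside window
        if e.kind == "net":
            saw_net.add(e.pkg)
        elif (e.kind == "load" and e.pkg in saw_net
              and is_private_code_path(e.pkg, e.attrs.get("path", ""))):
            hits.setdefault(e.pkg, []).append(e.attrs["path"])
    return hits


# Constructed sample log: one staged loader, one benign app that only loads its
# own base.apk, and one app that writes only data (not code) to private storage.
SAMPLE_LOG = """
2020-05-15T10:00:00 install pkg=com.example.notes
2020-05-15T10:02:10 net pkg=com.example.notes dst=198.51.100.7:443
2020-05-15T10:02:40 load pkg=com.example.notes path=/data/data/com.example.notes/files/stage2.dex
2020-05-15T11:00:00 install pkg=com.example.weather
2020-05-15T11:00:30 net pkg=com.example.weather dst=198.51.100.9:443
2020-05-15T11:01:00 load pkg=com.example.weather path=/data/app/com.example.weather-1/base.apk
2020-05-15T12:00:00 install pkg=com.example.cache
2020-05-15T12:00:20 net pkg=com.example.cache dst=198.51.100.11:443
2020-05-15T12:00:50 load pkg=com.example.cache path=/data/data/com.example.cache/files/feed.json
""".strip().splitlines()


if __name__ == "__main__":
    for pkg, paths in find_staged_installs(SAMPLE_LOG).items():
        print(f"staged code load: {pkg} -> {paths}")
```

Only `com.example.notes` is reported: it is the one package that connects out and then loads a `.dex` from its own data directory. Real telemetry would come from a mobile EDR or from `logcat`/`DexClassLoader` hooks, and a genuine detection would need to account for apps that legitimately use dynamic code loading, so treat this as a triage heuristic rather than a verdict.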
Bitdefender says Mandrake is still active today. The team is nonetheless optimistic that it will be able to identify those behind the operation.
Image courtesy of IhorL/Shutterstock