Android Hit By ‘Incredibly Sophisticated’ Malware

Security researchers have warned of an “incredibly sophisticated” Android hacking campaign that is all the more dangerous because it is highly selective in whom it attacks.

The Mandrake malware “puts in significant effort not to infect victims”, computer security firm Bitdefender said in an advisory.

The malware, which was triggered by several innocent-seeming apps on the Google Play store, “cherry-picks” only a few devices as targets for malicious code designed to take over the system and steal information, Bitdefender said.

“This is likely because its operators know that they increase their chances of being called out with every device they infect, so they have instructed the malware to avoid countries where compromised devices won’t bring them any return of interest,” researchers said.

‘Advanced manipulation tactics’

The malware uses “advanced manipulation tactics” to trick users into granting far-reaching permissions, for instance re-drawing what users see on the screen.

While users think they are merely carrying out a series of taps to accept an End-User Licence Agreement, they are actually granting “extremely powerful permissions” with which “the malware gets complete control of the device and data on it”.
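As an added illustration, not code from the article or from Bitdefender's research, the Android view below shows the platform-side defence against the screen-overlay trick described above: it rejects any touch that was delivered while another window was drawn over it, so a fake button painted on top of a real one cannot relay the tap. The package and class names are assumptions.

```java
// Added example, not from the article or Bitdefender's report.
// A button that refuses input when another window (an overlay) covers it,
// which is the standard mitigation for overlay/"tapjacking" consent tricks.
// Package and class names are assumptions for this example.
package com.example.overlaydefense;

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import androidx.appcompat.widget.AppCompatButton;

public class ObscuredAwareButton extends AppCompatButton {
    private static final String TAG = "ObscuredAwareButton";

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in layout XML:
        // the framework discards touches that arrive while a window belonging to
        // another app is drawn on top of this view.
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // The system sets FLAG_WINDOW_IS_OBSCURED when another window covered
        // this one at the moment of the touch.
        boolean obscured =
                (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;

        // API 29+ also reports overlays that cover only part of the window, which
        // is how a decoy "Accept" control can be positioned over a real one.
        boolean partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (obscured || partiallyObscured) {
            // Swallow the event: onClick never fires and the action is not taken.
            Log.w(TAG, "Touch rejected: view was obscured by another window");
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

This protects sensitive controls inside an app's own screens (consent dialogs, transaction confirmations). Prompts owned by the operating system are outside an app's control, so an app cannot retrofit this check onto them; there the mitigation is the platform's own handling of overlays and the user's caution about unexpected permission prompts.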

The malware allows its controllers to collect any data from a compromised device, including account credentials, to secretly record what is happening on the screen and to monitor the user's location via GPS, amongst other functions.

Mandrake has been active since at least 2016, and initially targeted Australian users before moving on to areas including Europe and the Americas.

The current attack campaign has probably compromised tens of thousands of users, and hundreds of thousands over the past four years, Bitdefender said.

The malware made its way onto Android devices via several apps on Google Play that appeared to be made by different developers, some targeting specific countries.

Trust

The apps were ad-free and received regular updates, and some even had social media accounts, Bitdefender said.

All the identified Mandrake apps have now been removed from Google Play, but researchers said the malware’s developers remain active and are likely to publish other apps with which to carry out attacks.

The initial apps carried no malicious code themselves; they downloaded a second-stage app with more capabilities, but only when expressly directed to do so, in order to evade the Play Store's security controls.

Bitdefender said it hasn't determined who is behind Mandrake, but noted that it specifically avoids infecting users located in former Soviet Union countries such as Ukraine, Belarus, Kyrgyzstan and Uzbekistan, as well as countries in Africa and the Middle East.

This is a tactic frequently employed by hackers to avoid attracting the attention of law enforcement authorities within their own countries.

Bitdefender advised users to avoid downloading apps from unknown sources.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer, who has worked for Ziff-Davis, ZDNet and other leading publications
