Android Hit By ‘Incredibly Sophisticated’ Malware

Security researchers have warned of an “incredibly sophisticated” Android hacking campaign that is all the more dangerous because it is highly selective in whom it attacks.

The Mandrake malware “puts in significant effort not to infect victims”, computer security firm Bitdefender said in an advisory.

The malware, which was triggered by several innocent-seeming apps on the Google Play store, “cherry-picks” only a few devices as targets for malicious code designed to take over the system and steal information, Bitdefender said.

“This is likely because its operators know that they increase their chances of being called out with every device they infect, so they have instructed the malware to avoid countries where compromised devices won’t bring them any return of interest,” researchers said.

‘Advanced manipulation tactics’

The malware uses “advanced manipulation tactics” to trick users into granting far-reaching permissions, for instance re-drawing what users see on the screen.

While users think they are merely carrying out a series of taps to accept an End-User Licence Agreement, they are actually granting “extremely powerful permissions” with which “the malware gets complete control of the device and data on it”.

The malware allows its controllers to collect any data from a compromised device, including account credentials, to secretly record what’s happening on the screen and to monitor the user’s location via GPS, amongst other functions.

Mandrake has been active since at least 2016, and initially targeted Australian users before moving on to areas including Europe and the Americas.

The current attack campaign has probably compromised tens of thousands of users, and hundreds of thousands over the past four years, Bitdefender said.

The malware made its way onto Android devices via several apps on Google Play that appeared to be made by different developers, some targeting specific countries.

Trust

The apps were ad-free and received regular updates, and some even had social media accounts, Bitdefender said.

All the identified Mandrake apps have now been removed from Google Play, but researchers said the malware’s developers remain active and are likely to publish other apps with which to carry out attacks.

The initial apps carried no malicious code themselves. Instead, they downloaded a second-stage app with more capabilities, but only when expressly directed to do so, in order to evade the Play Store’s security controls.

Bitdefender said it hasn’t determined who is behind Mandrake, but noted that it specifically avoids infecting users located in former Soviet Union countries such as Ukraine, Belarus, Kyrgyzstan and Uzbekistan, as well as countries in Africa and the Middle East.

This is a tactic frequently employed by hackers to avoid attracting the attention of law enforcement authorities within their own countries.

Bitdefender advised users to avoid downloading apps from unknown sources.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
