In a recent development, Google has taken action against five widely-used applications that were found to harbor a new strain of malware known as Mandrake. This spyware has been downloaded approximately 32,000 times, raising significant concerns for Android users. Although Mandrake is not a new threat—its origins trace back to 2016—this latest iteration demonstrates enhanced spying capabilities that have researchers on high alert.
Understanding the Threat
Mandrake is particularly insidious, as it can monitor virtually all activities on an infected device. Its capabilities include data collection, screen recording, and even simulating user interactions, allowing it to take control of the device and potentially cause further damage. Alarmingly, these actions can occur even while the phone is tucked away in a pocket.
The compromised applications were available on the Google Play Store for over a year before being identified and removed by Google. While the removal blocks new downloads, it does not eliminate the threat for users who have already installed these apps. To ensure safety, individuals must manually delete the infected applications from their devices.
Research indicates that users in several countries—including the UK, Canada, Germany, Italy, Mexico, and Spain—may have been affected by this malware campaign. The five apps implicated in the Mandrake infiltration are:
- AirFS
- Astro Explorer
- Amber
- CryptoPulsing
- Brain Matrix
In response to the situation, Google has reassured users that enabling Play Protect can help mitigate the risks associated with Mandrake. A spokesperson for the tech giant stated, “Google Play Protect is continuously improving with each app identified. We’re always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques.” This feature, which is enabled by default on Android devices with Google Play Services, can warn users or block apps that exhibit malicious behavior.
Taking Precautions
For those who have not yet activated Play Protect, the process is straightforward. Users can navigate to the Google Play Store, tap their profile picture in the top-right corner, select Play Protect Settings, and enable Scan Apps with Play Protect. Security experts consistently recommend downloading apps exclusively from official sources like the Google Play Store. While these platforms are statistically safer than manually installing software from the internet, they are not immune to threats.
It is crucial to remain vigilant by scrutinizing app reviews and evaluating the permissions requested by each application. Users should consider whether the permissions align with the app’s intended functionality. Deleting the five identified malicious apps will help eliminate the threat from affected devices. Additionally, if Google’s Play Protect service issues a warning, users should investigate the cause and take appropriate action.
This incident is not an isolated one; earlier this year, security experts alerted Android users to a different form of malware designed to compromise financial security. Last year, Google removed 17 apps from its Play Store after researchers raised concerns about their security practices. These apps, which had been downloaded over 12 million times, falsely claimed to offer short-term loans while secretly harvesting sensitive data from users.