Five applications harboring potentially hazardous spyware have evaded detection on the Google Play Store for two years, cybersecurity experts have revealed. Together, the apps have amassed over 32,000 downloads since their introduction in 2022.
The Rise of Mandrake
The spyware in question, known as “Mandrake,” has been on the radar of cybersecurity professionals since 2016. Kaspersky recently reported the emergence of a new variant of Mandrake specifically targeting Android devices, characterized by advanced layers of obfuscation and evasion techniques. According to Kaspersky,
Concerningly, the majority of these downloads have originated from the UK, alongside users in Canada, Germany, Italy, Mexico, Spain, and Peru. Once installed, the spyware possesses the capability to collect sensitive data, record and monitor user screens, and even simulate swipes and taps. In the most alarming scenarios, this could facilitate unauthorized access to private accounts, particularly banking information. Furthermore, the spyware can install additional malicious applications and generate deceptive notifications to entice users into downloading even more perilous content.
Google's Response
Kaspersky noted,
In response to these findings, the five identified apps have since been removed from the platform. Google issued a statement to BleepingComputer, asserting,
For those who may not have Google Play Protect activated or wish to ensure they haven’t inadvertently downloaded any of the flagged applications, a list of the apps is provided below for immediate review and deletion:
- AirFS – File sharing via Wi-Fi – By it9042
- Astro Explorer – By shevabad
- Amber – By kodaslda
- CryptoPulsing – By shevabad
This revelation serves as a stark reminder of the ever-evolving landscape of cybersecurity threats and the importance of vigilance in app downloads and installations.