Five applications, harboring potentially hazardous spyware technology, have evaded detection on the Google Play Store for a span of two years, as revealed by cybersecurity experts. This group of apps has collectively amassed over 32,000 downloads since their introduction in 2022.
The most popular of the bunch is an app called AirFS – File sharing via Wi-Fi. (Credit: Kaspersky)
The spyware in question, known as “Mandrake,” has been on the radar of cybersecurity professionals since 2016. Kaspersky recently reported the emergence of a new variant of Mandrake specifically targeting Android devices, characterized by advanced layers of obfuscation and evasion techniques. According to Kaspersky, “The main distinguishing feature of the new Mandrake variant was layers of obfuscation designed to bypass Google Play checks and hamper analysis.” The firm identified five applications containing Mandrake, which have garnered a total of over 32,000 downloads.
Concerningly, the majority of these downloads have originated from the UK, alongside users in Canada, Germany, Italy, Mexico, Spain, and Peru. Once installed, the spyware possesses the capability to collect sensitive data, record and monitor user screens, and even simulate swipes and taps. In the most alarming scenarios, this could facilitate unauthorized access to private accounts, particularly banking information. Furthermore, the spyware can install additional malicious applications and generate deceptive notifications to entice users into downloading even more perilous content.
Kaspersky noted, “After the applications of the first campaign stayed undetected for four years, the current campaign lurked in the shadows for two years, while still available for download on Google Play.” This situation underscores the impressive skills of threat actors and suggests that stricter controls over application publishing only lead to the emergence of more sophisticated and harder-to-detect threats infiltrating official app marketplaces.
In response to these findings, the five identified apps have since been removed from the platform. Google issued a statement to BleepingComputer, asserting, “Google Play Protect is continuously improving with each app identified. We’re always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques.” Android users benefit from automatic protection against known malware versions through Google Play Protect, which is enabled by default on devices utilizing Google Play Services. This feature can alert users or block applications exhibiting malicious behavior, even if they originate from outside the Play Store.
For those who may not have Google Play Protect activated or wish to ensure they haven’t inadvertently downloaded any of the flagged applications, a list of the apps is provided below for immediate review and deletion:
- AirFS – File sharing via Wi-Fi – By it9042
- Astro Explorer – By shevabad
- Amber – By kodaslda
- CryptoPulsing – By shevabad
- Brain Matrix – By kodaslda