Mandrake: highly sophisticated Android malware that took four years to be discovered
Security researchers at Bitdefender Labs recently uncovered fairly detailed traces of a malware strain that infects Android devices and is designed to steal victims' data. The problem is that this malware has been operating since 2016 and was not detected until now.
Specifically, this malware, called Mandrake, operates somewhat differently from most common threats today in that it does not try to infect every device it can reach. Instead, Mandrake carefully selects its victims, targeting only the most valuable ones (those holding large amounts of valuable data). This approach not only maximizes the operators' profit but also keeps the malware below the radar of the security community.
In addition, the malware is programmed to avoid Android users in certain regions and countries, including the former Soviet Union, Africa and the Middle East. Australia, the US, Canada and some European countries, by contrast, are the 'most' targeted regions.
According to Bitdefender Labs' estimates, Mandrake has infected hundreds of thousands of victims worldwide since 2016, with tens of thousands of devices infected at present. That number is small compared with the most notorious malware families on record, but most of Mandrake's victims are high-value targets, so the damage this malware can cause is still considerable.
One reason Mandrake escaped detection on the Play Store for years is that the malicious code is not included in the apps themselves. Instead, it is delivered after the victim has installed the application: the app downloads the malicious payload in its own process only when 'directed' to do so by the operators, so there is nothing for Google's review process to catch. Once the payload is on the target device, the malware starts collecting most of the data it wants from the user, including login credentials for websites and applications. The installed application looks like a normal app, but in the background it hands the operator the permissions it has been granted and the data it can reach.
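As an added triage example, not part of the article or of Bitdefender's report: a small Python script that looks through the string pool of the DEX files inside an APK for the combination described above (network download plus runtime code loading of something that was never in the reviewed package) and, for the region filtering mentioned earlier, for telephony country lookups. The indicator strings are ordinary Android API names grouped here as an assumption; they are not indicators published for Mandrake. The two sample APKs are constructed inside the script so it runs offline.

```python
import io
import re
import zipfile

# Indicator strings as they appear in a DEX string pool (class descriptors and
# method names). These are generic Android APIs grouped by the behaviour the
# article describes, chosen here as an assumption; they are not indicators
# published for Mandrake.
INDICATORS = {
    # Loading code that was not in the reviewed APK (the staged payload).
    "dynamic_code_loading": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
    ],
    # Fetching that payload from the network after installation.
    "payload_download": [
        b"Ljava/net/HttpURLConnection;",
        b"Ljavax/net/ssl/HttpsURLConnection;",
        b"Lokhttp3/OkHttpClient;",
    ],
    # Country lookups of the kind a region filter would use.
    "region_check": [
        b"Landroid/telephony/TelephonyManager;",
        b"getSimCountryIso",
        b"getNetworkCountryIso",
    ],
}


def scan_dex(dex_bytes):
    """Return {category: [matched indicators]} for one classes.dex blob.

    A plain substring search is enough here because class descriptors and
    method names are stored verbatim in the DEX string pool."""
    hits = {}
    for category, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n in dex_bytes]
        if found:
            hits[category] = found
    return hits


def scan_apk(apk_bytes):
    """Scan every classes*.dex inside an APK (a zip archive) and merge the hits."""
    merged = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                for category, found in scan_dex(zf.read(name)).items():
                    merged.setdefault(category, set()).update(found)
    return {category: sorted(found) for category, found in merged.items()}


def is_suspicious_dropper(hits):
    """Flag the staged-payload pattern: the app both fetches data from the
    network and loads code at runtime. Either behaviour on its own is common
    in benign apps, so this is a triage signal, not a verdict."""
    return "dynamic_code_loading" in hits and "payload_download" in hits


def build_sample_apk(dex_strings):
    """Build a constructed, minimal 'APK' for testing: a zip with a fake
    classes.dex whose only content is the given strings. It is not a valid
    DEX file; only the string pool matters for this scan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(dex_strings))
    return buf.getvalue()


# Constructed samples: a loader-style app and a plain networked app.
SUSPECT_APK = build_sample_apk([
    b"Landroid/app/Activity;",
    b"Ljavax/net/ssl/HttpsURLConnection;",
    b"Ldalvik/system/DexClassLoader;",
    b"Landroid/telephony/TelephonyManager;",
    b"getSimCountryIso",
])
BENIGN_APK = build_sample_apk([
    b"Landroid/app/Activity;",
    b"Ljava/net/HttpURLConnection;",
])

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT_APK), ("benign", BENIGN_APK)):
        hits = scan_apk(apk)
        print(label, hits, "-> dropper pattern:", is_suspicious_dropper(hits))
```

Two caveats follow directly from the article. First, because the payload is fetched only after installation, a scan of the store APK can at best see the loader side of the scheme, which is exactly why a review of the uploaded package missed it; the downloaded payload has to be captured at runtime to be analysed. Second, string matching of this kind is defeated by encrypted strings or reflection, and many legitimate apps load code dynamically, so a hit is a reason to look closer, not a detection.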
Mode of operation of the malicious code

Bogdan Botezatu, director of threat research and reporting at Bitdefender, called Mandrake "one of the most powerful malware in the Android world", with the ultimate goal of taking full control of the device and obtaining the victim's valuable personal data.
Mandrake has been distributed for years through a series of Android apps on the Play Store. These applications are constantly updated, refreshed and even published under different developer names.

The applications used to distribute the malware are also relatively well maintained, so that users take them for trusted apps: the developers respond to user feedback on the Store, and some even have social media pages.
Notably, once it has collected all the data it wants, the malware can remove itself completely from the device, leaving the victim unaware of what happened.
List of some applications containing malicious code

With such a complex mode of operation, Mandrake is difficult to defend against. The best way to avoid this type of malware is to install only applications from reputable, trustworthy developers, although, since the distribution apps themselves sat on the Play Store with responsive developers, that advice is only a partial defence.
If you want more information, you can read Bitdefender's full Mandrake report here:
https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf