Article 53M05 'Mandrake' Android Spyware Remained Undetected for 4 Years

'Mandrake' Android Spyware Remained Undetected for 4 Years

by
martyb
from SoylentNews on (#53M05)

upstart writes in with an IRC submission for carny:

'Mandrake' Android Spyware Remained Undetected for 4 Years:

Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years.

Dubbed Mandrake, the platform targets only specific devices, as its operators are keen on remaining undetected for as long as possible. Thus, the malware avoids infecting devices in countries that might bring no benefit for the attackers.

Over the past four years, the platform has received numerous updates, with new features being constantly added, and obsolete ones being removed. Under continuous development, the malware framework is highly complex, Bitdefender's security researchers say.

Mandrake provides attackers with complete control over an infected device, allowing them to turn down the volume, block calls and messages, steal credentials, exfiltrate data, transfer money, record the screen, and blackmail the victim.

Considering the complexity of the spying platform, we assume that every attack is targeted individually, executed with surgical precision and manual rather than automated. Weaponization would take place after a period of total monitoring of the device and victim," Bitdefender explains.

Mandrake looks like an advanced espionage platform, but the security researchers believe the campaign is rather financially motivated. During their investigation, they observed phishing attacks targeting an Australian investment trading app, crypto-wallet apps, the Amazon shopping application, banking software, payment apps, an Australian pension fund app, and Gmail.

[...] Seven malicious applications delivering Mandrake were identified in Google Play alone, namely Abfix, CoinCast, SnapTune Vid, Currency XE Converter, Office Scanner, Horoskope and Car News, each of them having hundreds of thousands of downloads.

[...] The malware avoids about 90 countries from infection and does not run on devices with no SIM or with SIM cards issued by certain operators, including Verizon and China Mobile Communications Corporation (CMCC).

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments