Android Spyware Lurking in Google Play for Two Years: 32,000 Devices Infected

An undetected variant of the Mandrake malware hid in the Google Play app store for two years, infecting over 32,000 devices through apps such as Wi-Fi file sharing and cryptocurrency tools. Despite the malware's advanced evasion techniques, Google finally removed the malicious apps after Kaspersky’s discovery.

Hot Take:

Who knew you could get more than just your horoscope from an astronomy app? Mandrake’s back, and it’s out to prove that even spyware can have a glow-up! Google Play, you had one job…

Key Points:

  • New variant of Mandrake malware found in five Android apps on Google Play.
  • Apps collectively had over 32,000 downloads and were available for about two years.
  • Malware hid in apps related to Wi-Fi sharing, astronomy, gaming, cryptocurrency, and logic puzzles.
  • Mandrake uses advanced evasion techniques like OLLVM and certificate pinning.
  • Most downloads came from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK.

The Nimble Nerd