Android: virus has been siphoning users' personal data for several years - Geeko

Bitdefender cybersecurity researchers have documented the behavior of Mandrake, malware that has been active for several years and targets Android smartphones. What sets it apart from similar malware is its discretion: it can keep operating on the phones it has infected for a long time without arousing the slightest suspicion in its victims.

Once installed, the malware is able to take full control of the smartphone in order to collect all of its data. This ranges from the theft of banking and account credentials and the capture of screenshots to the collection of sent and received SMS messages, contacts and geolocation data. It can also permanently record on-screen activity without being detected.

Expanding malware

It had already been spotted in 2016, but at the time it was limited to Australian targets. Today its authors' ambitions are greater, since the malware has also been spotted in Europe, notably in Belgium and France. It is difficult to know the exact scale of the Mandrake campaign.

“Mandrake's ultimate goal is total control of the device. It is one of the most powerful Android malware we have seen so far,” Bogdan Botezatu, Bitdefender's director of research, told our colleagues at ZDNet.

In addition to its discretion, Mandrake sets itself apart from other malware by its deployment methods. There is no random, opportunistic infection here. The malware's authors appear to carefully select their targets and then find a way to infect their phones. The operators then manually control the malware to collect their victims' personal data. Once they have gathered the information they wanted, they erase the malware from the device, leaving no trace.

“Unlike common malware, Mandrake makes great efforts not to infect victims. It selects a handful of devices on which it is installed for later use,” says Bogdan Botezatu in his report. According to Bitdefender, Mandrake has claimed several hundred thousand victims in four years. For now, it is unclear what happens to the collected data, or why the malware's operators target certain people.

A particularly sophisticated process

The authors of Mandrake developed a particularly elaborate scheme for claiming victims. Not only did they build fake applications, they also used multiple developer names on the Play Store so as not to arouse suspicion. The apps were free of advertising and even received regular updates - requesting improper permissions. They also had pages on social networks, simply to convince users of their good faith.

“The malware works in stages, the first stage being a harmless application with no malicious behavior other than the ability to download and install a second-stage payload when expressly requested. We can safely say that its operator will not trigger this malicious behavior while it is running in Google's analysis environment,” said Bitdefender's director of research.

Currently, the only way to avoid being tricked by this kind of particularly well-developed scheme is to download only applications of known origin, from developers who are trusted and reliable. Installing applications from new sources, even when they are available on an official store, is unfortunately not without risk.
