The apps hosting the Mandrake malware in Google Play are disguised as file-sharing, astronomy, and cryptocurrency apps, demonstrating the malware's ability to hide in plain sight.
Mandrake's concealment tactics included not functioning in 90 countries, delivering payloads to narrowly targeted victims, incorporating a kill switch named seppuku, using decoy apps, providing quick bug fixes, and implementing TLS certificate pinning.
Estimates suggest that tens of thousands of users fell victim to Mandrake during 2018-2020, with potentially hundreds of thousands impacted over four years, highlighting the malware's extensive reach.
Kaspersky reported the resurgence of Mandrake-infected apps in 2022 on Google Play, showcasing the malware's evolution to better evade sandboxes, enhance concealment methods, and bypass modern malware protection.