Android spyware gives attackers total control of your phone: What to do

Discussion in 'Headline News' started by RickAgresta, May 16, 2020.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Mandrake malware sneaks in through innocent-seeming apps

    A newly discovered strain of multi-stage Android spyware has been lurking in the background since 2016, infecting tens of thousands of users but not activating itself unless the malware operators decided the victim has enough money to be worth stealing from. The malware, dubbed Mandrake by its discoverers at Bitdefender, can take "complete control of the device" and can steal information and cryptocurrency, break into bank accounts, and even factory-reset infected phones to cover its tracks. Mandrake-infected apps have been purged from the Google Play store, but they almost certainly still lurk in "off-road" app markets out of Google's reach. To avoid infection, make sure your phone's settings have not been changed to accept apps from "unknown sources," and install some of the best Android antivirus apps.

    A tragedy in three acts

    Mandrake's first stage, the "dropper," comes in the form of benign-looking apps that actually do what they promise. Bitdefender found several of those in Google Play under the names CoinCast, Currency XE Converter, Car News, Horoskope, SnapTune Vid, Abfix and Office Scanner.
    All have now been removed from Google Play, although Tom's Guide was able to confirm that Facebook and YouTube pages advertising some of them were still up. If you install one of these innocent-looking apps, it collects information about your device and your surroundings, but otherwise does nothing terrible. If the app didn't work well for its advertised purposes and you complained about it on Google Play, the malware operators would apologize and make improvements.

    "We estimate the number of victims in the tens of thousands for the current wave, and probably hundreds of thousands throughout the full 4-year period," Bitdefender wrote in its report.

    But the first stage would also trick you into authorizing app installations from outside the Google Play store, after which it would download and install the second stage — the "loader," which calls itself "Android system" to avoid attention. The loader lurks in the background, collecting more information about you and sending it to the malware operators until they decide whether you look rich enough to steal from*. If so, then the loader downloads the third stage, the core Mandrake malware.

    "Considering the complexity of the spying platform, we assume that every attack is targeted individually, executed with surgical precision and manual rather than automated," Bitdefender wrote.

    *rich enough to steal from?! whew! that's a load off my mind
  2. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Like in appreciation of the warning :thumbsup:, and a curse for the nefarious activity. :vbmad:
  3. Jerry_NJ

    Jerry_NJ Mobile Deity

    Running 8.1 on smartphone; need help on finding app acceptance. APP PERMISSION doesn't show anything that will allow me to restrict to PLAY.
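The setting the article tells readers to check moved in Android 8.0: there is no longer one global "Unknown sources" switch under Security. Each app instead holds (or does not hold) its own "Install unknown apps" permission, which is what the Mandrake dropper stage described in the first post talks the user into granting so it can pull in the loader. On stock Android 8.x it lives under Settings > Apps & notifications > Special app access > Install unknown apps; OEM skins place it elsewhere, so the script below audits it over adb instead. This is an added example, not code from the article, Bitdefender or any of the posters; it assumes adb is on PATH and a device with USB debugging is connected when run with --live. The package names and the appops output in the sample block are constructed for illustration.

```shell
#!/bin/sh
# Audit which apps may install packages from outside Google Play.
# Added example (not from the article or the forum posts). Assumes adb on PATH
# and a connected device for --live; the SAMPLE_APPOPS records are constructed.

# Map one `adb shell appops get <pkg> REQUEST_INSTALL_PACKAGES` result to its
# mode. Real output looks like "REQUEST_INSTALL_PACKAGES: allow; time=+3d12h ago";
# an app that was never asked prints "No operations." and is treated as default.
appop_mode() {
    case "$1" in
        *"REQUEST_INSTALL_PACKAGES: allow"*)  echo allow ;;
        *"REQUEST_INSTALL_PACKAGES: deny"*)   echo deny ;;
        *"REQUEST_INSTALL_PACKAGES: ignore"*) echo ignore ;;
        *)                                    echo default ;;
    esac
}

# Read "package|appops-output" records on stdin and print the packages that are
# currently allowed to sideload. A file manager or browser may legitimately need
# this; a currency converter or horoscope app almost certainly does not, so
# review each hit rather than revoking blindly.
list_unknown_source_installers() {
    while IFS='|' read -r pkg line; do
        [ -n "$pkg" ] || continue
        if [ "$(appop_mode "$line")" = allow ]; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Android 7.1 and older used one global switch, readable as a secure setting:
#   adb shell settings get secure install_non_market_apps   -> "1" when enabled
legacy_unknown_sources_enabled() {
    [ "$(printf '%s' "$1" | tr -d '\r')" = 1 ]
}

# Walk every third-party package on a live device (Android 8.0+) and report the
# ones holding the permission. Revoke one with:
#   adb shell appops set <pkg> REQUEST_INSTALL_PACKAGES deny
live_audit() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        ops=$(adb shell appops get "$pkg" REQUEST_INSTALL_PACKAGES | tr -d '\r' | tr '\n' ' ')
        printf '%s|%s\n' "$pkg" "$ops"
    done | list_unknown_source_installers
}

# Constructed sample of what the live walk produces (package|appops output).
SAMPLE_APPOPS='com.example.filemanager|REQUEST_INSTALL_PACKAGES: allow; time=+3d12h ago
com.example.currencyconverter|REQUEST_INSTALL_PACKAGES: allow; time=+2h ago
com.example.weather|No operations.
com.example.browser|REQUEST_INSTALL_PACKAGES: deny; time=+5d ago'

sample_audit() {
    printf '%s\n' "$SAMPLE_APPOPS" | list_unknown_source_installers
}

if [ "${1:-}" = "--live" ]; then
    live_audit
else
    echo "Apps allowed to install unknown apps (constructed sample; use --live for a real device):"
    sample_audit
fi
```

Run it as `sh audit_unknown_sources.sh --live` with the phone attached; against the constructed sample it reports the file manager and the currency converter, which is the kind of result worth a second look, since a converter has no business installing APKs. Note that revoking the app-op stops future sideloads but does nothing about a loader that has already been installed; for that, the "Android system"-named app the article describes has to be found and removed.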
