Android users must delete five apps now after experts find malicious bank-raiding spy tech
FIVE apps with potentially dangerous spyware tech have managed to stay on the Google Play Store undetected for two years, according to experts.
The group of apps snuck past checks and have been downloaded more than 32,000 times since 2022.
So-called “Mandrake” spyware has been known to cyber security pros since 2016.
But Kaspersky has reported on a new version of “Mandrake” affecting Android with “new layers of obfuscation and evasion techniques”.
“The main distinguishing feature of the new Mandrake variant was layers of obfuscation designed to bypass Google Play checks and hamper analysis,” Kaspersky says.
“We discovered five applications containing Mandrake, with more than 32,000 total downloads.”
Worryingly, most downloads have originated from the UK, as well Canada, Germany, Italy, Mexico, Spain and Peru.
Once installed, the spyware is capable of collecting data, recording and monitoring your screen and even simulating swipes and taps.
In the very worst case scenario, these could be used by hackers to break into your private accounts, especially bank accounts.
It’s also able to install more malicious apps and display fake notifications to lure you into downloading more dangerous content.
“After the applications of the first campaign stayed undetected for four years, the current campaign lurked in the shadows for two years, while still available for download on Google Play,” Kaspersky continued.
“This highlights the threat actors’ formidable skills, and also that stricter controls for applications before being published in the markets only translate into more sophisticated, harder-to-detect threats sneaking into official app marketplaces.”
The five apps in question have since been banned.
In a statement to BleepingComputer, Google said: “Google Play Protect is continuously improving with each app identified.
“We’re always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
If you don’t have Google Play Protect enabled or want to be sure you’ve not downloaded any of the apps in question, check the list below and delete any you find now.
- AirFS – File sharing via Wi-Fi – By it9042
- Astro Explorer – By shevabad
- Amber – By kodaslda
- CryptoPulsing – By shevabad
- Brain Matrix – By kodaslda
Must-know Android tips to boost your phone
Get the most out of your Android smartphone with these little-known hacks: