Bitdefenter Labs, a software security research company, has revealed details about a new malware attacking Android devices. According to experts, it behaves a little differently than most common threats, since it does not attack all devices. Instead, the virus chooses users from whom it can get the most useful data.
The developers of the malware have banned it from attacking users in certain regions, including countries that used to be part of the Soviet Union, Africa and the Middle East. Australia, according to research, is the main target of hackers. A large number of devices in the US, Canada and some European countries were also infected.
The malware was first detected by experts earlier this year, although it began spreading as early as 2016, and is estimated to have infected the devices of hundreds of thousands of users during this period. Since the beginning of this year, the software has already hit tens of thousands of devices.
The reason why the virus went unnoticed on Google Play for a long time is that the malicious code is not actually included in the applications themselves, but they use a process that only launches spying functions on direct instructions, and hackers, behind this does not include these features when tested by Google. However, when the malicious code is executed, the application can receive almost any data from the device, including the information necessary to log into websites and applications.
Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender, called Mandrake one of the most powerful Android malware. Its ultimate goal is to gain complete control over the device and compromise user accounts.
In order to go unnoticed over the years, Mandrake has been distributed through various applications on Google Play, published under various developer names. The applications used to distribute malware are also relatively well supported to maintain the illusion that these programs can be trusted. Developers often respond to reviews, and many apps have social media support pages. The most interesting thing is that applications completely erase themselves from the device as soon as they receive all the necessary data.
Google has not commented on the situation, and it is likely that the threat is still active. The best way to avoid Mandrake infection is to install time-tested applications from well-established developers.
Source: 3dnews.ru