A report from cybersecurity company Kaspersky revealed that a likely version of Mandrake spyware was hidden in apps published on the Google Play Store for two years. The apps managed to pass through the security mechanisms of the Google Store and had more than 32 thousand downloads in the period.
After installation, the malware could intercept data from the victim's cell phone, for example by taking screenshots and stealing sensitive information. According to researchers, five apps contained the virus: a Wi-Fi sharing tool, a cryptocurrency platform, an astronomy service, a puzzle game, and an app called Amber.
The software was published on the Play Store in 2022 and was available for at least a year, without any restrictions from Play Protect (the antivirus used on Android to monitor apps). In total, the five items were downloaded more than 32 thousand times in the period, with the most frequent cases in Germany, Canada, Spain, the United Kingdom, Peru, and Mexico.
According to the VirusTotal platform, none of the applications were detected as malware in official stores. The products are currently no longer available on the Play Store.
Mandrake spyware evaded Google Play security
The original version of Mandrake spyware managed to avoid Play Store detection mechanisms for four years, between 2016 and 2020, according to BitDefender. Once again, the variant drew attention for the length of time it remained listed on the Google Play Store without receiving any restrictions.
It's worth remembering that Play Protect scans apps for threats in real time and can even be used for installations made outside the store. According to Kaspersky, the hackers are likely to be of Russian origin.