In early 2020, security researchers uncovered a highly complex Android spyware platform that had been active for the previous four years. The threat was named Mandrake because the attackers use the names of toxic plants and other biological references for its major development branches. The spyware lurks silently in the background and does not activate unless the operators decide that the victim has enough money to be worth stealing from.

What Can Mandrake Do?

According to the security researchers at BitDefender, unlike most malware, Mandrake makes a significant effort to avoid infecting most of the devices it reaches. In other words, it picks a selected set of devices on which to install and explore further. According to the team, the likely reason is that its operators are careful not to be discovered with each device they choose to infect.

Interestingly, the operators programmed Mandrake to avoid countries where compromised smartphones would not bring them any gain. The security researchers also found that the Android malware baits users with advanced manipulation techniques: the report notes that it draws the user into tapping the screen on what appears to be the EULA.

In reality, those taps are a highly sophisticated, staged sequence of requests for, and grants of, powerful permissions. The report adds that those permissions allow the operators to take over the device and all the data on it once they have assumed complete control. The spyware abuses legitimate Android functions to gain access to the compromised device.

After a successful attack, Mandrake operators can collect almost all information about the owner of the device. The attacker can browse and gather data, steal credentials for various accounts including banking applications, secretly record activity on the screen, and monitor the GPS location, among other things. Notably, Mandrake operators cover their tracks while carrying out the attack, making it hard for cybersecurity researchers to discover.

Other Details

According to BitDefender, "considering the complexity of the spying platform, we assume that every attack is targeted individually, executed with surgical precision and manual rather than automated." While most Android users may not be aware that their devices could have Mandrake lurking and watching their every move, there is a way to remove it. "The only way to remove Mandrake is to boot the device in safe mode, remove the device administrator special permission and uninstall it manually," says BitDefender.
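Because the removal step above hinges on the device administrator permission, the first thing a defender wants is a list of which apps currently hold it. The following script is an added example, not code from the article or from BitDefender: it parses the "Enabled Device Admins" section of `adb shell dumpsys device_policy` (the section layout is an assumption; confirm it against a dump from a real device) and flags any admin component that is not on an allowlist. The sample dump, the `com.example.updater` component and the allowlist contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article or BitDefender): audit the apps holding
# the Android device administrator permission, which the article says must be
# revoked before Mandrake can be uninstalled. Assumes the section layout of
# `adb shell dumpsys device_policy` shown in the constructed sample below.

# Constructed sample standing in for `adb shell dumpsys device_policy` output.
SAMPLE_DUMP='Current Device Policy Manager state:
  Device Owner: null
  Profile Owner (User 0): null
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver:
      uid=10105
      testOnlyAdmin=false
      policies:
        wipe-data
    com.example.updater/.AdminReceiver:
      uid=10231
      testOnlyAdmin=false
      policies:
        force-lock
        reset-password
        wipe-data
  Password Owner: -1
  Encryption Status: 5'

# Read a dump on stdin; print one enabled admin component (package/receiver) per line.
list_device_admins() {
    awk '
        /^  Enabled Device Admins/      { in_section = 1; next }
        in_section && /^  [^ ]/         { in_section = 0 }   # next top-level key ends the section
        in_section && /^    [^ ].*:$/   { sub(/^ +/, ""); sub(/:$/, ""); print }
    '
}

# Read admin components on stdin; $1 is an allowlist with one component per line.
# Prints each unexpected component; returns 0 if all are allowed, 1 otherwise.
flag_unexpected_admins() {
    allowlist="$1"
    unexpected=0
    while IFS= read -r admin; do
        if ! printf '%s\n' "$allowlist" | grep -Fxq "$admin"; then
            printf 'UNEXPECTED device admin: %s\n' "$admin"
            unexpected=1
        fi
    done
    return $unexpected
}

# Constructed allowlist: the MDM agent this fleet is expected to carry.
ALLOWLIST='com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver'

# Usage: on a real device, replace the sample with `adb shell dumpsys device_policy | list_device_admins ...`.
if printf '%s\n' "$SAMPLE_DUMP" | list_device_admins | flag_unexpected_admins "$ALLOWLIST"; then
    echo "all device admins are on the allowlist"
else
    echo "revoke the flagged admins (Settings > Security > Device admin apps), then uninstall the package"
fi
```

Run against the constructed sample it reports `com.example.updater/.AdminReceiver` as unexpected; on a real device, pipe the live `dumpsys` output through `list_device_admins` and keep the allowlist to the management agents you actually deploy, since a spyware package that has obtained this permission will otherwise resist a normal uninstall.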

The sophistication of Mandrake's capabilities, together with its targeted attacks, is usually an indicator of a state-controlled spying operation. However, cybersecurity researchers at BitDefender think that the Android spyware is a purely criminally motivated money grab. It is worth noting, however, that the operators behind Mandrake are reportedly located in Russia.