1 min read

Mandrake - owning Android devices since 2016

Bogdan BOTEZATU

May 14, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Mandrake - owning Android devices since 2016

In early 2020 we identified a new, highly sophisticated Android espionage platform that had been active in the wild for at least 4 years. We named the threat Mandrake as the actor(s) behind it used names of toxic plants, or other botanical references, for major development branches: e.g. Briar, Ricinus or Nerium.

An investigation by Bitdefender researchers Marius TIVADAR, Rickey GEVERS,  Rareș BLEOTU,  Alin Mihai BARBATEI,  Bíró BALÁZS and Claudiu COBLIȘ

An incredibly sophisticated piece of Android malware

Unlike run of the mill malware, Mandrake puts in significant effort NOT to infect victims. It cherry-picks a handful of devices it gets installed on for further exploitation. This is likely because its operators know that they increase their chances of being called out with every device they infect, so they have instructed the malware to avoid countries where compromised devices won’t bring them any return of interest.

The malware also uses advanced manipulation tactics to bait users. For instance, it re-draws what the user sees on the screen to hijack taps. What the users perceive as accepting an End-User License Agreement is actually a complex series of requesting and receiving extremely powerful permissions. With those permissions, the malware gets complete control of the device and data on it.

If you want to learn more about Mandrake, the whitepaper below provides insight into how the malware operates, what its end goal seems to be and how it successfully managed to stay undetected in an official app store for more than 4 years.

Download the whitepaper

tags


Author



Right now

Top posts

A Red Team Perspective on the Device42 Asset Management Appliance

A Red Team Perspective on the Device42 Asset Management Appliance

August 10, 2022

1 min read
Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Under Siege for Months: the Anatomy of an Industrial Espionage Operation Under Siege for Months: the Anatomy of an Industrial Espionage Operation
Alexandru MAXIMCIUCVictor VRABIE
1 min read
New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read