Five smartphone apps infected with spyware in two years, which ones?

Malware was detected in five applications that had been present for two years and was collecting user information.

When downloading applications, you should always be careful not to install just anything on your phone, or you risk becoming the victim of a virus. It is therefore strongly recommended to use only apps validated by the Apple App Store or the Google Play Store, which monitor what can be downloaded. However, malware sometimes manages to bypass their security barriers, as was the case for five applications available on Android.

This malware is called Mandrake. First appearing in 2016, it made headlines again in 2020. And, in 2024, the experts at the cybersecurity company Kaspersky detected it in five apps that were published on Google Play in 2022. They remained available for download for at least a year, having been validated thanks to obfuscation techniques that allowed them to bypass security checks.

This malware has two main goals. The first is to steal user credentials, and the second is to facilitate the download and execution of other malware. According to Kaspersky, this version of Mandrake may have affected tens of thousands of people, as the infected applications were installed more than 32,000 times. They were mainly downloaded in Canada, Germany, Italy, Mexico, Peru, Spain, and the United Kingdom.

The affected apps presented themselves as completely legitimate: cryptocurrency management, puzzles, astronomy, file sharing or even a game from a recognized publisher, Genshin Impact. In detail, the problematic apps were AirFS – File sharing over Wi-Fi, Astro Explorer, Amber, Cryptopulsing and Brain Matrix, and they have since been removed from the Play Store. Those who used them are no longer at risk, but it does serve as a reminder of the importance of being vigilant when downloading apps, because, as our colleagues at Bleeping Computer point out, “Spyware could return via new, harder-to-detect applications”, just like other malware.
