FIVE apps with potentially dangerous spyware technology have managed to remain on the Google Play Store undetected for two years, according to experts.
The group of apps went unnoticed in checks and has been downloaded more than 32,000 times since 2021.
The so-called “Mandrake” spyware has been known to cybersecurity professionals since 2016.
But Kaspersky reported a new version of “Mandrake” affecting Android with “new layers of obfuscation and evasion techniques.”
“The main distinguishing feature of the new Mandrake variant was layers of obfuscation designed to bypass Google Play checks and make analysis more difficult,” says Kaspersky.
“We discovered five apps containing Mandrake, with more than 32 thousand downloads in total.”
Worryingly, the majority of downloads originate from the UK, as well as Canada, Germany, Italy, Mexico, Spain and Peru.
Once installed, spyware is capable of collecting data, recording and monitoring your screen, and even simulating swipes and taps.
In the worst case, these could be used by hackers to break into your private accounts, especially bank accounts.
It is also able to install more malicious apps and display fake notifications to trick you into downloading more dangerous content.
Most Read on Phones & Gadgets
“After the apps from the first campaign remained undetected for four years, the current campaign was hidden in the shadows for two years, while still being available for download on Google Play,” Kaspersky continued.
“This highlights the formidable abilities of threat actors and also that tighter controls on apps before they are published on markets only translates into more sophisticated and harder to detect threats infiltrating official app markets.”
The five applications in question have already been banned.
In a statement to BeepingComputerGoogle said: “Google Play Protect is continually improving with each app identified.
“We are always improving its capabilities, including live threat detection to help combat obfuscation and anti-evasion techniques.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services.
“Google Play Protect can alert users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
If you don’t have Google Play Protect turned on or want to make sure you haven’t downloaded any of the apps in question, check the list below and delete the ones you find now.
- AirFS – File sharing via Wi-Fi – By it9042
- Astro Explorer – By Shevabad
- Amber – By kodaslda
- CryptoPulsing – By Shevabad
- Brain Matrix – By kodaslda
Must-Know Android Tips to Boost Your Phone
Make the most of your Android smartphone with these little-known hacks:
This story originally appeared on The-sun.com read the full story
