Mandrake Spyware Returns: Malicious Apps on Google Play Infect Thousands of Devices

A recent report highlights the return of the Mandrake spyware, an advanced piece of malware targeting Android devices. This malicious software, which was dormant for two years, has infected over 32,000 devices by masquerading as legitimate apps like “AirFS” and “Astro Explorer.” Once installed, Mandrake remains inactive for long periods to avoid detection, gradually downloading additional components that enable it to steal sensitive data, track GPS locations, and even initiate phone calls.

Mandrake is particularly sneaky because it doesn’t target everyone indiscriminately; instead, it selects victims based on specific criteria like geographic location. This selective approach has helped it evade detection for a long time. The apps were removed from Google Play in March 2024, but users who installed them are advised to delete them immediately and run a security scan.
Source:​ (Cyber Security News)​​ (CSN Source #2)​​ (Cyber Security News)​.