Google has booted five popular apps from the Play Store — but you will still need to take action to avoid infection from the latest troubling strain of malware designed to target Android users. Dubbed Mandrake, the spyware had infiltrated apps that were downloaded a dizzying 32,000 times.
Mandrake isn’t new — the first examples of this strain of malware date back to 2016 — but this latest variant boasts more sophisticated spying capabilities, security researchers claim. Not only that, but it has been tweaked to avoid detection from the security features baked into the Google Play Store.
Google’s Play Protect defences scan some 125 billion apps every day, including those already installed on Android smartphones and tablets, as well as listings in the Play Store, to spot any malicious code. However, it is possible to bypass these protections — as we’ve just seen with the latest Mandrake attack.
AirFS is one of five Android applications with a new strain of the Mandrake malware included in their code. It received thousands of downloads before it was spotted by researchers and deleted by Google.
Mandrake is capable of watching everything you do on your device. It’s capable of collecting data, recording your screen, and even simulating taps and swipes on the touchscreen to take control of the device and wreak further havoc, researchers warn. All of this can happen when the phone is in your pocket too.
The infected apps were available to download from the Play Store for at least a year.
Google has removed the malware-laced apps from the digital store, blocking new downloads. However, this only stops new Android users from downloading the software. If you've already got one of these dodgy apps on your device, the action taken by Google won't remove it.
You’ll need to delete these apps one by one to ensure you’re safe.
According to researchers, Android smartphone and tablet owners in the UK, Canada, Germany, Italy, Mexico, and Spain are all believed to have been impacted by this latest malware campaign in the Play Store. The apps, downloaded 32,000 times in total, are as follows:
- AirFS
- Astro Explorer
- Amber
- CryptoPulsing
- Brain Matrix
Google confirmed that Mandrake had infiltrated its mobile marketplace, but reassured users that enabling Play Protect should keep device owners shielded from the worst of its effects.
“Google Play Protect is continuously improving with each app identified. We’re always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques,” a spokesperson for the US search giant told Bleeping Computer.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.”
If you haven't already got Play Protect running on your phone, you can quickly switch on the free-to-use security feature by heading to the Google Play Store on your Android device, tapping on your profile picture in the top-right of the screen, then tapping Play Protect Settings and switching on Scan Apps with Play Protect.
Security experts always advise sticking with an official source, like the Google Play Store, when downloading an app. But while these digital marketplaces are statistically safer than downloading APKs and manually installing software on your device from the internet, they're not infallible.
Pay close attention to the reviews on software — as well as the permissions requested by the app. Do these seem proportionate? Ask yourself why the app would even need access to certain data to perform its functions.
Deleting the five malicious apps above should remove the threat from your phone. If you receive a warning from Google’s Play Protect service, always check what has triggered the alert and take action.
This is not the first time hackers have managed to infiltrate the Play Store. Earlier this year, security experts warned Android users about a new form of malware specifically designed to drain your bank account in seconds. And last year, Google removed 17 Android apps from the digital shelves of its Play Store after researchers flagged security concerns.
The apps, which had been downloaded over 12 million times, claimed to offer access to short-term loans, but were designed from the ground up to steal buckets of sensitive data from your device.