Mandrake Android malware stealing Facebook, crypto data since 2016

Mandrake malware tries to evade detection and also avoids running on devices with no SIM cards or those with SIM-related issues.

Every day we see unique instances of malware come up, different from any that we have seen before. In a world so driven by innovation, not being surprised can become difficult. One such malware, named Mandrake, was reported just yesterday by cybersecurity firm Bitdefender in a report detailing its workings since 2016.

Firstly, Mandrake lures a user into installing trojanized apps on the Google Play Store, 7 of which were found with a high number of downloads including:

Abfix, CoinCast, Car News, Horoskope, SnapTune Vid, Office Scanner, Currency XE Converter

These apps span different categories, ensuring that a cross-section of users is infected and widening the scope of the malware. Ironically, in a bid to appear as legitimate as possible, the attackers even responded to user complaints and fixed bugs found within the apps.

Further, ads were rarely shown, and social media pages were created for each app as well.

Secondly, according to the researchers, unlike other threat actors, the attackers in this case attempt to activate the malware only on selected infected devices that they believe will yield them reasonable monetary benefits. Hence, countries with a