Beware of Mandrake, the virus that has hit Android for four years

Since 2016, the Mandrake malware has infected tens of thousands of Android smartphones. Hackers hide it in free applications that appear to be above all suspicion. The objective is to collect personal data.

“Mandrake’s ultimate goal is total control of the device. It is one of the most powerful pieces of Android malware we have seen so far.” This statement comes from Bogdan Botezatu, research director of Bitdefender, and it appears in a 58-page white paper on the malware. It is malware like no other: according to this antivirus vendor, Mandrake has been circulating and active for four years!

In this white paper, we learn that it infected tens of thousands of Android smartphones and that its specialty is harvesting personal data. To achieve this, its attack is carried out in three stages. The first, very classic, is to hide in a popular application that arouses no suspicion, like an “incredibly sophisticated” Trojan horse, to use Bitdefender’s expression.

A trap in three stages

These applications are numerous and appear under different publisher names. They are most often free, and they even have their own websites or social network accounts. Everything is in place to make users consider the application as safe as possible, especially since the download comes from Google’s Play Store, which is supposed to be as secure as possible.

Then, once the file is installed on the smartphone, the malware needs to install a second file. For this, it needs the user’s consent, and the window that appears suggests that it is Android that needs to install the program. The user may therefore think it is a simple update. If they accept, the damage is done. Bitdefender also explains that, to trap more experienced users, the malware displays license acceptance windows of the kind we often see, but accepting them installs the program without the user realizing it.