More on privacy<\/span><\/h3>\n\n- Microsoft to apply California’s privacy law for all US users<\/a><\/li>\n
- Mind-reading technology: The security and privacy threats ahead<\/a><\/li>\n
- How to replace each Google service with a more privacy-friendly alternative<\/a><\/li>\n
- Cyber security 101: Protect your privacy from hackers, spies, and the government<\/a><\/li>\n<\/ul>\n<\/div>\n
The attacker can browse and collect all data on the device, steal account credentials for accounts including banking applications. secretly take recordings of activity on the screen, track the GPS location of the user and more, all while continuously covering their tracks.<\/p>\n
SEE:\u00a0Cybersecurity: Let’s get tactical<\/a>\u00a0(ZDNet\/TechRepublic special feature) |\u00a0Download the free PDF version<\/a>\u00a0(TechRepublic)<\/strong><\/p>\nThe full capabilities of Mandrake \u2013 which has been observed targeting users across Europe and the Americas \u2013 are\u00a0detailed in a paper by cybersecurity researchers at Bitdefender<\/a>. Mandrake has been active since 2016 and researchers previously detailed how the spyware operation was specifically targeting Australian users \u2013 but now it’s targeting victims around the world.<\/p>\n“The ultimate goal of Mandrake is complete control of the device, as well as account compromise. This is one of the most potent pieces of Android malware we have seen until now,” Bogdan<\/p>\n
Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.<\/p>\n
It isn’t clear exactly how widespread the campaigns are, but the malware isn’t spammed out like other campaigns \u2013 the attackers appear to carefully pick their victims and once they have a valued target compromised, they’ll manually control the actions of Mandrake in order to manipulate the most information out of the user as possible.<\/p>\n\n\n\n\n\n\n![](\"https:\/\/creatives.cbsileads.com\/images\/doctype\/whitePapers_125x100.jpg\")
<\/a><\/p>\n\n\nIT Security: Concerns, budgets, trends and plans (TechRepublic Premium)<\/a><\/p>\n<\/div>\n<\/div>\n\n\nThis archived TechRepublic Premium report, originally published in November 2013, is available for free to registered TechRepublic members. For all the latest research reports, 100+ ready-made policies, IT job descriptions, and more, check out TechRepubli…<\/p>\n<\/div>\n<\/div>\n<\/div>\n
Research<\/a> provided by TechRepublic Premium<\/a><\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n<\/section>\n“We estimate the number of victims in the tens of thousands for the current wave, and probably hundreds of thousands throughout the full four-year period,” the company said.<\/p>\n
And when the attackers have gained all the information they want from the victim, Mandrake has a kill-switch that wipes the malware from the device.<\/p>\n
Mandrake’s operators have put serious effort into making sure it has stayed hidden over the years, even going so far as to develop, upload and maintain several applications on the Google Play Store \u2013 under the names of several different developers. Some of these were designed to target specific countries. The apps have now been removed.<\/p>\n
In order to keep users happy the apps were mostly ad free and fixes were regularly delivered. Some of the apps even had social media pages \u2013 all designed to convince users to download and trust them.<\/p>\n
The malware avoids detection by Google Play by using a multi-stage process to hide the payload. The app is installed on the phone and it then contacts the server to download a loader, which then provides the additional capabilities Mandrake needs to take control of the device.<\/p>\n
“The malware operates in stages, with the first stage being a benign app with no malicious behaviour, other than the ability to download and install a second-stage payload when expressly directed to do so. It is safe to say that its operator won’t trigger this malicious behaviour while running in Google’s analysis environment,” Botezatu explained.<\/p>\n
The malware tricks the user into providing it with additional privileges on the device.<\/p>\n
“What seems to be a simple process such as going through an End-User License Agreement and accepting it is actually translated behind the scenes into requesting and granting extremely powerful permissions. With those permissions, the malware gets complete control of the device and data on it,” said Botezatu.<\/p>\n
The attacker can browse and collect all data on the device, steal account credentials for accounts including banking applications. secretly take recordings of activity on the screen, track the GPS location of the user and more, all while continuously covering their tracks.<\/p>\n
SEE:\u00a0Cybersecurity: Let’s get tactical<\/a>\u00a0(ZDNet\/TechRepublic special feature) |\u00a0Download the free PDF version<\/a>\u00a0(TechRepublic)<\/strong><\/p>\n The full capabilities of Mandrake \u2013 which has been observed targeting users across Europe and the Americas \u2013 are\u00a0detailed in a paper by cybersecurity researchers at Bitdefender<\/a>. Mandrake has been active since 2016 and researchers previously detailed how the spyware operation was specifically targeting Australian users \u2013 but now it’s targeting victims around the world.<\/p>\n “The ultimate goal of Mandrake is complete control of the device, as well as account compromise. This is one of the most potent pieces of Android malware we have seen until now,” Bogdan<\/p>\n Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.<\/p>\n It isn’t clear exactly how widespread the campaigns are, but the malware isn’t spammed out like other campaigns \u2013 the attackers appear to carefully pick their victims and once they have a valued target compromised, they’ll manually control the actions of Mandrake in order to manipulate the most information out of the user as possible.<\/p>\n IT Security: Concerns, budgets, trends and plans (TechRepublic Premium)<\/a><\/p>\n<\/div>\n<\/div>\n This archived TechRepublic Premium report, originally published in November 2013, is available for free to registered TechRepublic members. For all the latest research reports, 100+ ready-made policies, IT job descriptions, and more, check out TechRepubli…<\/p>\n<\/div>\n<\/div>\n<\/div>\n “We estimate the number of victims in the tens of thousands for the current wave, and probably hundreds of thousands throughout the full four-year period,” the company said.<\/p>\n And when the attackers have gained all the information they want from the victim, Mandrake has a kill-switch that wipes the malware from the device.<\/p>\n Mandrake’s operators have put serious effort into making sure it has stayed hidden over the years, even going so far as to develop, upload and maintain several applications on the Google Play Store \u2013 under the names of several different developers. Some of these were designed to target specific countries. The apps have now been removed.<\/p>\n In order to keep users happy the apps were mostly ad free and fixes were regularly delivered. Some of the apps even had social media pages \u2013 all designed to convince users to download and trust them.<\/p>\n The malware avoids detection by Google Play by using a multi-stage process to hide the payload. The app is installed on the phone and it then contacts the server to download a loader, which then provides the additional capabilities Mandrake needs to take control of the device.<\/p>\n “The malware operates in stages, with the first stage being a benign app with no malicious behaviour, other than the ability to download and install a second-stage payload when expressly directed to do so. It is safe to say that its operator won’t trigger this malicious behaviour while running in Google’s analysis environment,” Botezatu explained.<\/p>\n The malware tricks the user into providing it with additional privileges on the device.<\/p>\n “What seems to be a simple process such as going through an End-User License Agreement and accepting it is actually translated behind the scenes into requesting and granting extremely powerful permissions. With those permissions, the malware gets complete control of the device and data on it,” said Botezatu.<\/p>\n<\/a><\/p>\n