Mandrake is a new and very dangerous Android virus that can spy on users and take complete control of your device. Here's how to defend yourself
The cybersecurity company Bitdefender raises the alarm: Mandrake is back. The dangerous virus, already detected several times since 2016, seems to be back to strike since early 2020. And it is not good news because Mandrake is not just a virus, but a real international espionage campaign, highly sophisticated.
Sophisticated because, paradoxically, Mandrake does not strive to infect victims, but to not infect them. It would seem absurd, but it's true: Mandrake goes from smartphone to smartphone selecting only a handful of devices, the ones that are really interesting for whoever is remotely directing this attack. The hackers, according to Bitdefender, have chosen this strategy to be able to work undisturbed for several years, continuing to spy on the devices that are useful to them and avoiding raising a media fuss and pushing "the good guys" to take the necessary countermeasures. When Mandrake chooses a device, however, it takes almost complete possession of it.
How Mandrake spyware works
At the moment, it appears that Mandrake is focusing on the smartphones of users in Europe and the Americas (it was previously spotted in Australia as well). "Mandrake's ultimate goal is complete device control and account compromise. This is some of the most powerful Android malware we've seen so far," said Bogdan Botezatu, director of research at Bitdefender. This malware is not spread like the others: the attackers seem to carefully select their victims and once an estimated target is compromised, they manually control Mandrake's actions to manipulate as much information as possible to the user. A "handmade" attack, so to speak. The virus is downloaded via manipulated apps published on the Play Store, some of which have gone undetected for four years thanks to a sophisticated multi-level method whereby the virus is downloaded only from other seemingly clean components of the apps.
How to defend yourself against Mandrake
If even Google can't spot the apps that carry Mandrake, it's unlikely that the end user can. But it's the end user who has to do most of the work to prevent the infection. The only advice Bitdefender can give you is to check very carefully which apps you download, whether they have been cloned and who the developer is. Very often, viruses hide in apps that look legitimate but are not, because they are actually copies of other popular apps.