The Mandrake is the name of a family of sophisticated malware on Android is back on Google Play, after a period of inactivity to significantly over two years ago. The researchers of Kaspersky have identified an activity in the past, to the family of malware, which has been an evolution of the specific in order to avoid detection systems, and to be able to continue to operate behind the scenes.
In 2016, the malware was identified for the first time by the security company Bitdefender, which later were identified as some of the techniques, especially the art. The first version of the Mandrake seemed to have acted in a way that particular spot, if they have a list of exclusions from the 90's too, and by spreading the load only to the victims of the a lot of a target. The one characteristic killer of the handle, called the “seppuku”, as found also in the Mandrake for the removal of all traces of it.
At the same time, researchers, and Bitdefender have been observed also in response to the particular, from the team behind the Mandrake, in the correction of the errors reported by the users. The Mandrake was distributed also through the application is fully functional for various types of to avoid a life of doubt and in the end, he used the techniques of the turbullimit to hide the communication with the servers for command and control.
The Mandrakes were also observed in two waves, in the period 2016-2017, and in the period of 2018-2020, according to the analysis carried out, the victims of this wave of the second, are some of the tens of thousands, and for the entire period of the exhibition. is it possible to be in the hundreds of thousands.
The post 2020 Mandrake seemed to be missing from the Google Play. However, the latest research by Kaspersky found that the malware was seen again in the year 2022, as they passed by unnoticed, until now. The new version of the Mandrake features a number of improvements to be important, especially with the addition of the techniques used to avoid the scans of the third-and the mechanisms in place to circumvent the protection of the most recent anti malware.
Discussion about this post