Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender.


The malware, named Mandrake by the threat intelligence agency, featured a three-part structure that allowed its operators to evade detection by routine Google scanning.


Beginning with an innocuous-looking dropper hosted on the Google Play Store and masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phones.


"The crew might be based in either Russia or Kazakhstan," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told The Register.



Mandrake malware... fully compromised the target device, granting itself device admin privileges to forward all incoming SMS messages to the operators' server or a ..
