Light Dark
May 18, 2020 By David Bisson 2 min read

Security researchers observed the newly documented Mandrake espionage platform carefully selecting Android devices for further exploitation.

Bitdefender discovered Mandrake in early 2020 while the espionage platform was in the process of conducting phishing attacks against cryptocurrency wallet applications, mobile banking programs and other financial software on Android devices. The security firm subsequently analyzed the threat and found that it had been in circulation since 2016.

In its analysis, Bitdefender found that the espionage platform selected just a handful of Android devices for further exploitation. It then used manipulation tactics, including disguising a series of powerful permission requests as an end-user license agreement, to infect those selected devices. Those rights gave the threat the ability to steal credentials, exfiltrate data and conduct secondary phishing attacks on compromised devices.

Not the Only Threat to Target Android Devices in Recent Years

Mandrake is not the only sophisticated threat that has targeted Android users. Back in 2018, for instance, Wandera spotted an Android malware family called “RedDrop” using sophisticated techniques to collect a vast amount of information from an infected device.

In March 2019, Security Without Borders uncovered “Exodus,” an Android spyware platform that targeted primarily Italian users with extensive surveillance and data-collection capabilities. More recently in April 2020, Kaspersky Lab discovered several overlaps between the “PhantomLance” operation and other attack campaigns conducted by the OceanLotus group.

How to Defend Against Mandrake

Security professionals can help defend their organizations against espionage platforms such as Mandrake by enforcing security policies that limit the types of apps that users can install on their work devices. Those policies should specifically restrict allowable installations to apps from trusted developers on official app marketplaces that have been vetted by the security team. Additionally, infosec personnel should invest in a mobile device management (MDM) solution that leverages artificial intelligence (AI) and other tools to scan for sophisticated threat behaviors.

 |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 6, 2024

Evolving red teaming for AI environments

2 min read - As AI becomes more ingrained in businesses and daily life, the importance of security grows more paramount. In fact, according to the IBM Institute for Business Value, 96% of executives say adopting generative AI (GenAI) makes a security breach likely in their organization in the next three years. Whether it’s a model performing unintended actions, generating misleading or harmful responses or revealing sensitive information, in the AI era security can no longer be an afterthought to innovation.AI red teaming is emerging…

May 3, 2024

What we can learn from the best collegiate cyber defenders

3 min read - This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migrational period and, as an added bonus, the networks were simultaneously attacked by a group of red…

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature