May 18, 2020 By David Bisson 2 min read

Security researchers observed the newly documented Mandrake espionage platform carefully selecting Android devices for further exploitation.

Bitdefender discovered Mandrake in early 2020 while the espionage platform was in the process of conducting phishing attacks against cryptocurrency wallet applications, mobile banking programs and other financial software on Android devices. The security firm subsequently analyzed the threat and found that it had been in circulation since 2016.

In its analysis, Bitdefender found that the espionage platform selected just a handful of Android devices for further exploitation. It then used manipulation tactics, including disguising a series of powerful permission requests as an end-user license agreement, to infect those selected devices. Those rights gave the threat the ability to steal credentials, exfiltrate data and conduct secondary phishing attacks on compromised devices.

Not the Only Threat to Target Android Devices in Recent Years

Mandrake is not the only sophisticated threat that has targeted Android users. Back in 2018, for instance, Wandera spotted an Android malware family called “RedDrop” using sophisticated techniques to collect a vast amount of information from an infected device.

In March 2019, Security Without Borders uncovered “Exodus,” an Android spyware platform that targeted primarily Italian users with extensive surveillance and data-collection capabilities. More recently in April 2020, Kaspersky Lab discovered several overlaps between the “PhantomLance” operation and other attack campaigns conducted by the OceanLotus group.

How to Defend Against Mandrake

Security professionals can help defend their organizations against espionage platforms such as Mandrake by enforcing security policies that limit the types of apps that users can install on their work devices. Those policies should specifically restrict allowable installations to apps from trusted developers on official app marketplaces that have been vetted by the security team. Additionally, infosec personnel should invest in a mobile device management (MDM) solution that leverages artificial intelligence (AI) and other tools to scan for sophisticated threat behaviors.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today