Light Dark
May 18, 2020 By David Bisson 2 min read

Security researchers observed the newly documented Mandrake espionage platform carefully selecting Android devices for further exploitation.

Bitdefender discovered Mandrake in early 2020 while the espionage platform was in the process of conducting phishing attacks against cryptocurrency wallet applications, mobile banking programs and other financial software on Android devices. The security firm subsequently analyzed the threat and found that it had been in circulation since 2016.

In its analysis, Bitdefender found that the espionage platform selected just a handful of Android devices for further exploitation. It then used manipulation tactics, including disguising a series of powerful permission requests as an end-user license agreement, to infect those selected devices. Those rights gave the threat the ability to steal credentials, exfiltrate data and conduct secondary phishing attacks on compromised devices.

Not the Only Threat to Target Android Devices in Recent Years

Mandrake is not the only sophisticated threat that has targeted Android users. Back in 2018, for instance, Wandera spotted an Android malware family called “RedDrop” using sophisticated techniques to collect a vast amount of information from an infected device.

In March 2019, Security Without Borders uncovered “Exodus,” an Android spyware platform that targeted primarily Italian users with extensive surveillance and data-collection capabilities. More recently in April 2020, Kaspersky Lab discovered several overlaps between the “PhantomLance” operation and other attack campaigns conducted by the OceanLotus group.

How to Defend Against Mandrake

Security professionals can help defend their organizations against espionage platforms such as Mandrake by enforcing security policies that limit the types of apps that users can install on their work devices. Those policies should specifically restrict allowable installations to apps from trusted developers on official app marketplaces that have been vetted by the security team. Additionally, infosec personnel should invest in a mobile device management (MDM) solution that leverages artificial intelligence (AI) and other tools to scan for sophisticated threat behaviors.

 |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

September 16, 2024

The rising threat of cyberattacks in the restaurant industry

2 min read - The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward. Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver's…

September 13, 2024

What can businesses learn from the rise of cyber espionage?

4 min read - It’s not just government organizations that need to worry about cyber espionage campaigns — the entire business world is also a target.Multipolarity has been a defining trend in geopolitics in recent years. Rivalries between the world’s great powers continue to test the limits of globalism, resulting in growing disruption to international supply chains and economics. Global political risk has reached its highest level in decades, and even though corporate attention to geopolitics has dropped since peaking in 2022, the impact…

September 12, 2024

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature