{"id":55369,"date":"2024-07-30T23:00:04","date_gmt":"2024-07-30T23:00:04","guid":{"rendered":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/"},"modified":"2024-07-30T23:00:04","modified_gmt":"2024-07-30T23:00:04","slug":"mysterious-family-of-malware-hid-in-google-play-for-years","status":"publish","type":"post","link":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/","title":{"rendered":"Mysterious family of malware hid in Google Play for years"},"content":{"rendered":"<div>\n<div id=\"rss-wrap\">\n<figure class=\"intro-image intro-left\">\n  <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/05\/phone-malware-800x532.jpg\" alt=\"An image illustrating a phone infected with malware\" \/><\/p>\n<p class=\"caption\" style=\"font-size:0.8em\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/05\/phone-malware.jpg\" class=\"enlarge-link\" data-height=\"665\" data-width=\"1000\">Enlarge<\/a> <\/p>\n<\/figure>\n<div><a name=\"page-1\"><\/a><\/div>\n<p>A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight.<\/p>\n<p>The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender <a href=\"https:\/\/www.bitdefender.com\/files\/News\/CaseStudies\/study\/329\/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf\">called out<\/a> in 2020. Bitdefender said the apps appeared in two waves, one in 2016 through 2017 and again in 2018 through 2020. Mandrake\u2019s ability to go unnoticed then was the result of some unusually rigorous steps to fly under the radar. They included:<\/p>\n<ul>\n<li aria-level=\"1\">Not working in 90 countries, including those comprising the former Soviet Union<\/li>\n<li aria-level=\"1\">Delivering its final payload only to victims who were extremely narrowly targeted<\/li>\n<li aria-level=\"1\">Containing a kill switch the developers named seppuku (Japanese form of ritual suicide) that fully wiped all traces of the malware<\/li>\n<li aria-level=\"1\">Fully functional decoy apps in categories including finance, Auto &amp; Vehicles, Video Players &amp; Editors, Art &amp; Design, and Productivity<\/li>\n<li aria-level=\"1\">Quick fixes for bugs reported in comments<\/li>\n<li aria-level=\"1\">TLS <a href=\"https:\/\/owasp.org\/www-community\/controls\/Certificate_and_Public_Key_Pinning\">certificate pinning<\/a> to conceal communications with command and control servers.<\/li>\n<\/ul>\n<h2>Lurking in the shadows<\/h2>\n<p>Bitdefender estimated the number of victims in the tens of thousands for the 2018 to 2020 wave and \u201cprobably hundreds of thousands throughout the full 4-year period.\u201d<\/p>\n<\/div>\n<p><a href=\"https:\/\/arstechnica.com\/?p=2040171#p3\">Read 6 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=2040171&amp;comments=1\">Comments<\/a><\/p>\n<\/div>\n<p class=\"wpematico_credit\"><small>Powered by <a href=\"http:\/\/www.wpematico.com\" target=\"_blank\" rel=\"noopener\">WPeMatico<\/a><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enlarge A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight. The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one&#8230;<\/p>\n","protected":false},"author":1,"featured_media":55370,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[241],"tags":[],"class_list":["post-55369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mysterious family of malware hid in Google Play for years - UshopWell.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mysterious family of malware hid in Google Play for years - UshopWell.com\" \/>\n<meta property=\"og:description\" content=\"Enlarge A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight. The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/\" \/>\n<meta property=\"og:site_name\" content=\"UshopWell.com\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-30T23:00:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"532\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"UShopWell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"UShopWell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/\"},\"author\":{\"name\":\"UShopWell\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\"},\"headline\":\"Mysterious family of malware hid in Google Play for years\",\"datePublished\":\"2024-07-30T23:00:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/\"},\"wordCount\":225,\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/phone-malware-800x532-1.jpg\",\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/\",\"name\":\"Mysterious family of malware hid in Google Play for years - UshopWell.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/phone-malware-800x532-1.jpg\",\"datePublished\":\"2024-07-30T23:00:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#primaryimage\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/phone-malware-800x532-1.jpg\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/phone-malware-800x532-1.jpg\",\"width\":800,\"height\":532},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/mysterious-family-of-malware-hid-in-google-play-for-years\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mysterious family of malware hid in Google Play for years\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"name\":\"UshopWell.com\",\"description\":\"The Premiere Online Marketplace\",\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\",\"name\":\"UshopWell\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"width\":365,\"height\":359,\"caption\":\"UshopWell\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\",\"name\":\"UShopWell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"caption\":\"UShopWell\"},\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/author\\\/kburnettu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mysterious family of malware hid in Google Play for years - UshopWell.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/","og_locale":"en_US","og_type":"article","og_title":"Mysterious family of malware hid in Google Play for years - UshopWell.com","og_description":"Enlarge A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight. The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family of highly intrusive malware that security firm Bitdefender called out in 2020. Bitdefender said the apps appeared in two waves, one...","og_url":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/","og_site_name":"UshopWell.com","article_published_time":"2024-07-30T23:00:04+00:00","og_image":[{"width":800,"height":532,"url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg","type":"image\/jpeg"}],"author":"UShopWell","twitter_card":"summary_large_image","twitter_misc":{"Written by":"UShopWell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#article","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/"},"author":{"name":"UShopWell","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc"},"headline":"Mysterious family of malware hid in Google Play for years","datePublished":"2024-07-30T23:00:04+00:00","mainEntityOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/"},"wordCount":225,"publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg","articleSection":["Technology"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/","url":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/","name":"Mysterious family of malware hid in Google Play for years - UshopWell.com","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#primaryimage"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg","datePublished":"2024-07-30T23:00:04+00:00","breadcrumb":{"@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#primaryimage","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/07\/phone-malware-800x532-1.jpg","width":800,"height":532},{"@type":"BreadcrumbList","@id":"https:\/\/ushopwell.com\/ublog\/mysterious-family-of-malware-hid-in-google-play-for-years\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ushopwell.com\/ublog\/"},{"@type":"ListItem","position":2,"name":"Mysterious family of malware hid in Google Play for years"}]},{"@type":"WebSite","@id":"https:\/\/ushopwell.com\/ublog\/#website","url":"https:\/\/ushopwell.com\/ublog\/","name":"UshopWell.com","description":"The Premiere Online Marketplace","publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ushopwell.com\/ublog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ushopwell.com\/ublog\/#organization","name":"UshopWell","url":"https:\/\/ushopwell.com\/ublog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","width":365,"height":359,"caption":"UshopWell"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc","name":"UShopWell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","caption":"UShopWell"},"url":"https:\/\/ushopwell.com\/ublog\/author\/kburnettu\/"}]}},"_links":{"self":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/55369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/comments?post=55369"}],"version-history":[{"count":0,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/55369\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media\/55370"}],"wp:attachment":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media?parent=55369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/categories?post=55369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/tags?post=55369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}