Google Play was infiltrated by Mandrake Android spyware, resulting in over 32,000 downloads of compromised apps since 2022. The malware gave attackers complete control over infected devices, enabled the exfiltration of sensitive data, and used a 'seppuku' feature to remove itself once its work was done, leaving no traces. The apps remained undetected on the official platform for a significant period; most affected users are in Canada, Germany, Italy, Mexico, Spain, Peru, and the UK, and one app alone reached over 30,000 downloads. The discovery underscores the evolving tactics of attackers and the challenges marketplaces face in preventing sophisticated threats.
Source: https://securityaffairs.com/166342/mobile-2/mandrake-android-spyware-google-play.html
TPRM report: https://scoringcyber.rankiteo.com/company/google
{
  "id": "goo002080224",
  "linkid": "google",
  "type": "Ransomware",
  "date": "7/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Over 32,000',
                        'industry': 'Technology',
                        'name': 'Google Play',
                        'type': 'Marketplace'}],
 'attack_vector': 'Compromised Apps',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive Data'},
 'description': "Google Play was infiltrated by Mandrake Android spyware, resulting in over 32,000 downloads of compromised apps since 2022. This sophisticated malware allowed attackers complete control over infected devices, securing sensitive data exfiltration, and used a 'seppuku' feature for self-removal after its malicious deeds, thus leaving no traces. Despite the apps remaining undetected on the official platform for a significant period, most affected users are from countries like Canada, Germany, Italy, Mexico, Spain, Peru, and the UK, with one app alone achieving over 30,000 downloads. The discovery underscores the evolving tactics of attackers and the challenges faced by marketplaces in preventing sophisticated threats.",
 'impact': {'data_compromised': 'Sensitive Data',
            'systems_affected': 'Android Devices'},
 'initial_access_broker': {'entry_point': 'Compromised Apps'},
 'lessons_learned': 'The discovery underscores the evolving tactics of attackers and the challenges faced by marketplaces in preventing sophisticated threats.',
 'motivation': 'Data Exfiltration',
 'post_incident_analysis': {'root_causes': 'Download of malicious apps'},
 'title': 'Google Play Infiltrated by Mandrake Android Spyware',
 'type': 'Malware',
 'vulnerability_exploited': 'Download of malicious apps'}