Google Play was infiltrated by Mandrake Android spyware, resulting in over 32,000 downloads of compromised apps since 2022. This sophisticated malware allowed attackers complete control over infected devices, securing sensitive data exfiltration, and used a 'seppuku' feature for self-removal after its malicious deeds, thus leaving no traces. Despite the apps remaining undetected on the official platform for a significant period, most affected users are from countries like Canada, Germany, Italy, Mexico, Spain, Peru, and the UK, with one app alone achieving over 30,000 downloads. The discovery underscores the evolving tactics of attackers and the challenges faced by marketplaces in preventing sophisticated threats.
Source: https://securityaffairs.com/166342/mobile-2/mandrake-android-spyware-google-play.html
"id": "goo002080224",
"linkid": "google",
"type": "Ransomware",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"