There is a new high-end campaign targeting Android users located in Australia with a tool called Mandrake. Of course, the cyber crooks behind the Mandrake hacking tool may choose to change their focus and target users from a different location in future campaigns. The Mandrake malware first emerged in 2016. Ever since malware analysts spotted the Mandrake threat, its creators have been introducing regular updates. The creators of the Mandrake threat have added new features, optimized old ones, removed unnecessary modules, and overall improved the hacking tool to ensure it remains very potent.
The Mandrake malware can be distributed to thousands upon thousands of users easily. However, its operators are not taking the mass-spam approach. Instead, they appear to pick their targets carefully. There are only about 500 copies active currently. The Mandrake threat can be classified as spyware, and it would appear that its authors are only deploying it to targets that have been monitored for a while.
If the Mandrake spyware compromises your Android device, it will be able to perform a large variety of tasks. Since the Mandrake threat is listed as spyware, its goal is to collect important information from the targeted hosts. It is likely that the Mandrake spyware allows its operators to get their hands on the user's:
- Login credentials.
- Contacts list.
- Images and videos stored in their gallery.
- Bank account information.
- Payment details.
- Personal conversations.
Given the wide array of information that the Mandrake spyware collects, it is likely that its operators may be using it for both blackmailing operations and financial fraud campaigns.
Since every targeted user seems to be approached by the attackers differently, it is likely that the victims are selected very carefully. It is likely that the Mandrake campaign is carried out by a highly skilled and very experienced group of cybercriminals who know exactly what they are doing. Make sure your Android device is protected by a genuine, reputable anti-virus application.