Bitdefender researchers have revealed a new espionage operation aimed at Android users, mostly in Australia. According to the company, the malware used in this operation is the Mandrake spyware, a highly sophisticated tool that is said to have been used in espionage campaigns for four years.
Bitdefender said it has noticed a rapid increase in attacks in Australia over the last two years. This is probably due to the fact that Australians use mobile banking a lot. Most attacks seen in Australia are carried out with banking trojans.
To date, the research team has seen Mandrake spyware targeting Australian users of the Google Chrome, Gmail, ANZ Australia, Commonwealth Bank of Australia, Bank of Melbourne Mobile Banking, Bank of SA, Australian Super and PayPal applications.
Lead researcher Marius Tivadar says that in just two months they have discovered 500 victims in Australia whose Android devices were infected with Mandrake spyware. The researcher warned that the number of victims could be much larger.
Bitdefender says the criminals use the spyware to attack targets individually rather than en masse. Mandrake is well designed and has received many improvements over the past four years to make it more efficient.
"Weaponisation will take place after a period of complete surveillance of the victim's device." The attacker can record the victim's screen, see their preferences, and monitor when and how the device is used, as well as when it is not in use (idle time).
It also has the ability to reduce the volume of the phone and to block calls or messages.
"Beyond that, the attacker could do anything, from credential and information theft to money transfers and extortion," he added.
The first attack with Mandrake spyware was observed on January 31, 2016.
Tivadar said the attackers appeared to be interested only in a "special kind of consumer". They are interested in the Android users they can benefit from.
"We have seen that the attacks are done manually. This is extremely unusual, as each victim is analyzed separately and the attacker acts according to the target," Tivadar explained. "This also tells us that it cannot be a single-hacker project. It could even be a collaborative project, that is, 'selling' victims to other hackers."
The first wave of attacks, which took place in 2016-2017, targeted Android users in the United Kingdom, the USA, Germany and the Netherlands. The current attacks (2018-2020) mainly target Australia, though they continue in the USA, Canada and Europe.