Jump directly to the content

FIVE apps with potentially dangerous spyware tech have managed to stay on the Google Play Store undetected for two years, according to experts.

The group of apps snuck past checks and have been downloaded more than 32,000 times since 2022.

The most popular of the bunch is an app called AirFS - File sharing via Wi-Fi
1
The most popular of the bunch is an app called AirFS - File sharing via Wi-FiCredit: Kaspersky

So-called "Mandrake" spyware has been known to cyber security pros since 2016.

But Kaspersky has reported on a new version of "Mandrake" affecting Android with ";new layers of obfuscation and evasion techniques".

"The main distinguishing feature of the new Mandrake variant was layers of obfuscation designed to bypass Google Play checks and hamper analysis," Kaspersky says.

"We discovered five applications containing Mandrake, with more than 32,000 total downloads."

Read more about Android

Worryingly, most downloads have originated from the UK, as well Canada, Germany, Italy, Mexico, Spain and Peru.

Once installed, the spyware is capable of collecting data, recording and monitoring your screen and even simulating swipes and taps.

In the very worst case scenario, these could be used by hackers to break into your private accounts, especially bank accounts.

It's also able to install more malicious apps and display fake notifications to lure you into downloading more dangerous content.

"After the applications of the first campaign stayed undetected for four years, the current campaign lurked in the shadows for two years, while still available for download on Google Play," Kaspersky continued.

"This highlights the threat actors’ formidable skills, and also that stricter controls for applications before being published in the markets only translate into more sophisticated, harder-to-detect threats sneaking into official app marketplaces."

Google reveals clever trick to prevent thieves from emptying your accounts on the Android 15

The five apps in question have since been banned.

In a statement to , Google said: "Google Play Protect is continuously improving with each app identified.

"We're always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques.

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.

"Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

If you don't have Google Play Protect enabled or want to be sure you've not downloaded any of the apps in question, check the list below and delete any you find now.

  • AirFS - File sharing via Wi-Fi - By it9042
  • Astro Explorer - By shevabad
  • Amber - By kodaslda
  • CryptoPulsing - By shevabad
  • Brain Matrix - By kodaslda

Must-know Android tips to boost your phone

Get the most out of your Android smartphone with these little-known hacks:

Topics