Mandrake is accused of interfering with several apps, including Bank of SA, Gmail, Google Chrome, and ANZ Australia. The operation, whose mission is to spy on Australian Android users, was revealed by an investigation by the Bitdefender security team. Mandrake was created at the beginning of the year, but the spyware platform has been operating for about four years already. In general, Australia is believed to be a high-profile target for many trojans. The reason is that Aussies use online banking more actively than users in any other country. Hence, Bitdefender has noticed that the number of hacks within the last two years has increased drastically.
For now, the apps targeted by Mandrake include Commonwealth Bank of Australia, Bank of Melbourne, PayPal and Australian Super. Marius Tivadar is in charge of the investigation of these cyberattacks. He said that they are currently looking into 500 devices that were attacked within the last two months. He warns, though, that the actual number of victims is higher.
Mandrake’s spyware capabilities
Given that the Mandrake platform is estimated to have been functioning for about four years, it has gone through many upgrades. More and more functions were added and bugs eliminated. The system works by attacking an individual device. It supposedly has access to the use of the device, screen recording, and times of inactivity, and can even fix the volume on the phone and block messages. Besides, it looks like a human-operated system, not an automated one, according to Mr. Tivadar. For the hacker, this means access to a lot of vital personal information that can be used for blackmail or for stealing credentials.
Mandrake’s spyware outreach
The initial attacks were traced back to 2016. Analyzing them led investigators to the realization that this is not the work of an individual, but of a collective. The potential victims have a lot in common and can be defined as a certain type of user that can bring benefits to a hacker.
In 2016-2017, the waves of attacks came through the US, Germany, the UK, and the Netherlands. The current wave, on the other hand, is targeting Aussie users more. As mentioned before, Australia’s economy is quite strong at the moment, with a high GDP. That is probably the reason why the country became a bounty for hackers.