The Donot APT (Advanced Persistent Threat) group has been active since at least 2019 and has been known to target government agencies in the Middle East. Recently, researchers at Lookout discovered that the group has developed new malware that targets Android devices through messaging apps.
The malware, named “Mandrake,” is designed to steal sensitive information from victims, including messages, call logs, contacts, and more. The malware is spread through WhatsApp and Telegram, two popular messaging apps used by millions of people worldwide.
According to Lookout’s researchers, Mandrake works by posing as an innocuous file shared through a messaging app. When the victim opens the file, Mandrake installs itself silently, without the victim’s knowledge. The malware then begins collecting data from the device and sends it back to the attacker’s command-and-control (C&C) server.
What makes Mandrake particularly dangerous is its ability to evade detection by most antivirus programs. The malware is designed to remain dormant until it detects that it is being analyzed by an antivirus program. Once it detects this, it will delete itself from the victim’s device, leaving no trace behind.
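The article describes an app delivered through a messaging client that ends up holding access to messages, call logs and contacts. One check a defender can run on a managed device is to list packages that were not installed by the Play Store and that hold exactly those permissions. The script below is an added example, not code from the article or from Lookout; it parses constructed sample output in the format of `adb shell pm list packages -i` and a constructed map of runtime permission grants (as shown by `dumpsys package`), and the package names `com.example.*` are invented for illustration.

```python
"""Triage sideloaded Android apps that hold data-collection permissions.

Added example (not from the article or from Lookout). Given the output of
`adb shell pm list packages -i` and per-package runtime permission grants,
flag apps that were not installed from the Play Store and that can read
SMS, call logs or contacts, the data the article says Mandrake collects.
All sample output below is constructed for illustration.
"""
import re

PLAY_STORE = "com.android.vending"

# Permissions covering the data the article says the malware steals.
WATCHED_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
}

# Constructed sample of `adb shell pm list packages -i` output.
# "installer=null" is how a sideloaded package typically appears.
SAMPLE_PACKAGE_LIST = """\
package:com.whatsapp  installer=com.android.vending
package:org.telegram.messenger  installer=com.android.vending
package:com.example.invoice.viewer  installer=com.whatsapp
package:com.example.notes  installer=null
"""

# Constructed sample of granted runtime permissions per package, in the
# spirit of the "<perm>: granted=true" lines from `dumpsys package <pkg>`.
SAMPLE_GRANTS = {
    "com.whatsapp": {"android.permission.READ_CONTACTS": True},
    "org.telegram.messenger": {"android.permission.READ_CONTACTS": True},
    "com.example.invoice.viewer": {
        "android.permission.READ_SMS": True,
        "android.permission.READ_CALL_LOG": True,
        "android.permission.READ_CONTACTS": True,
    },
    "com.example.notes": {"android.permission.READ_SMS": False},
}

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_package_list(text):
    """Return {package: installer} from `pm list packages -i` output.

    An installer of "null" is mapped to None (no recorded installer).
    """
    result = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def find_suspicious(packages, grants):
    """Packages not installed by the Play Store that hold watched permissions.

    Returns a sorted list of (package, installer, sorted granted permissions).
    Packages installed by the Play Store are skipped; everything else,
    including packages installed by a messaging app, is examined.
    """
    hits = []
    for pkg, installer in packages.items():
        if installer == PLAY_STORE:
            continue
        granted = sorted(
            perm for perm, ok in grants.get(pkg, {}).items()
            if ok and perm in WATCHED_PERMISSIONS
        )
        if granted:
            hits.append((pkg, installer or "unknown", granted))
    return sorted(hits)


if __name__ == "__main__":
    packages = parse_package_list(SAMPLE_PACKAGE_LIST)
    for pkg, installer, perms in find_suspicious(packages, SAMPLE_GRANTS):
        print(f"{pkg} (installer: {installer}) holds {', '.join(perms)}")
```

On a real device the two inputs would come from `adb shell pm list packages -i` and one `adb shell dumpsys package <pkg>` per non-Play package; a hit is a starting point for review, not proof of infection, since legitimate sideloaded apps can hold the same permissions.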
The Donot APT group has been known to use sophisticated techniques to evade detection and infiltrate their targets. Mandrake is just the latest example of their capabilities. The group has also been known to use social engineering tactics, such as posing as job recruiters or creating fake social media profiles, to gain access to their targets.
To protect yourself from Mandrake and other malware like it, it is important to take some basic security measures. First, be cautious when clicking on links or downloading files from unknown sources, especially through messaging apps. Second, keep your antivirus software up to date and perform regular scans of your device. Third, avoid sharing sensitive information, such as passwords or financial details, through messaging apps or other unsecured channels.
In conclusion, the Donot APT group’s development of Mandrake is a reminder that even seemingly harmless messaging apps can be used to spread dangerous malware. It is important to remain vigilant and take necessary precautions to protect your device and sensitive information from cyber threats.