These malicious apps contain Mandrake malware, which was detected and blocked in 2020, but has now reappeared as a completely new variant.

Applications containing Mandrake malware can cleverly hide and infect users' smartphones in multiple steps, making the process of identifying and detecting applications containing this type of malware difficult.

That's why one of the apps containing the Mandrake malware that was just discovered has been on Google Play for more than two years and has tens of thousands of downloads.

Accordingly, 5 applications containing Mandrake malware have just been discovered by Kaspersky security experts: AirFS, Amber, Astro Explorer, CryptoPulsing, Brain Matrix.

The AirFS malware app had more than 10 thousand downloads on Google Play before being removed.

Once users install apps containing Mandrake, the malware silently downloads malicious components to the device before connecting to a remote hacker server.

After connecting to an external server, Mandrake malware will send important information on the smartphone to hackers such as data on the device, recording screen activity, reading messages, etc.

Mandrake malware can also create fake upgrade notifications on users' smartphones to trick them into installing additional malicious apps.

According to Kaspersky, Mandrake malware mainly infects users in countries such as the UK, Germany, Italy, Canada, Mexico, Spain, Peru, etc. It is likely that users in Vietnam have also accidentally installed applications containing Mandrake malware, although the number is not large.

Kaspersky also sent a notice about its research to Google and currently these 5 malicious applications have been removed from the Google Play app store. However, users need to check themselves to see if their smartphones have accidentally installed the above applications or not to remove them from their devices.