3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

Watch out! If you have any of the below-mentioned file manager and photography apps installed on your Android phone, even if downloaded from the official Google Play Store, you have been hacked and are being tracked.
These newly detected malicious Android apps are Camero, FileCrypt, and callCam, which are believed to be linked to Sidewinder APT, a sophisticated hacking group specializing in cyber espionage attacks.
According to cybersecurity researchers at Trend Micro, these apps had been exploiting a critical use-after-free vulnerability in Android since at least March last year. That is 7 months before the same flaw was first discovered as a zero-day, when a Google researcher analysed a separate attack developed by Israeli surveillance vendor NSO Group.
The malicious apps also try to exploit a separate vulnerability in the MediaTek-SU driver to get root privilege and stay persistent on a wide range of Android handsets.
How to Protect Android Phone from Malware

Google has now removed all the above-mentioned malicious apps from the Play Store, but since Google's systems are not sufficient to keep bad apps out of the official store, you have to be very careful about downloading apps.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/gXdTFvgA_as/android-zero-day-malware-apps.html