Security News > 2020 > January > App Found in Google Play Exploits Recent Android Zero-Day
A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Now, Trend Micro reveals that three malicious applications that have been available in Google Play since March 2019 are working together to compromise devices and collect user information, and that one of them exploits CVE-2019-2215.
On Pixel 2, Pixel 2 XL, Nokia 3, LG V20, Oppo F9, and Redmi 6A devices, Camero retrieves a specific exploit from the C&C - the researchers downloaded five exploits from the server - with CVE-2019-2215 and MediaTek-SU abused to achieve root before installing callCam.
A URL linking to one of the apps' Google Play pages was discovered on one of the C&C servers, Trend Micro reveals.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |