Security News > 2020 > January > App Found in Google Play Exploits Recent Android Zero-Day
A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Now, Trend Micro reveals that three malicious applications that have been available in Google Play since March 2019 are working together to compromise devices and collect user information, and that one of them exploits CVE-2019-2215.
On Pixel 2, Pixel 2 XL, Nokia 3, LG V20, Oppo F9, and Redmi 6A devices, Camero retrieves a specific exploit from the C&C - the researchers downloaded five exploits from the server - with CVE-2019-2215 and MediaTek-SU abused to achieve root before installing callCam.
A URL linking to one of the apps' Google Play pages was discovered on one of the C&C servers, Trend Micro reveals.
News URL
Related news
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |