Security News > 2020 > January > App Found in Google Play Exploits Recent Android Zero-Day
A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Now, Trend Micro reveals that three malicious applications that have been available in Google Play since March 2019 are working together to compromise devices and collect user information, and that one of them exploits CVE-2019-2215.
On Pixel 2, Pixel 2 XL, Nokia 3, LG V20, Oppo F9, and Redmi 6A devices, Camero retrieves a specific exploit from the C&C - the researchers downloaded five exploits from the server - with CVE-2019-2215 and MediaTek-SU abused to achieve root before installing callCam.
A URL linking to one of the apps' Google Play pages was discovered on one of the C&C servers, Trend Micro reveals.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |