App Found in Google Play Exploits Recent Android Zero-Day (Security News, January 2020)

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Now, Trend Micro reveals that three malicious applications that have been available in Google Play since March 2019 are working together to compromise devices and collect user information, and that one of them exploits CVE-2019-2215.
On Pixel 2, Pixel 2 XL, Nokia 3, LG V20, Oppo F9, and Redmi 6A devices, Camero retrieves a specific exploit from the command-and-control (C&C) server (the researchers downloaded five exploits from it), with CVE-2019-2215 and MediaTek-SU abused to achieve root before installing callCam.
A URL linking to one of the apps' Google Play pages was discovered on one of the C&C servers, Trend Micro reveals.
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
- Google adds Android auto-reboot to block forensic data extractions
- Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
- Craft CMS RCE exploit chain used in zero-day attacks to steal data
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks
- Google Reports 75 Zero-Days Exploited in 2024, 44% Targeted Enterprise Security Products
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS) |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use-after-free vulnerability in multiple products. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux kernel. | 7.8 |