Security News > 2020 > January > App Found in Google Play Exploits Recent Android Zero-Day
A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.
Now, Trend Micro reveals that three malicious applications that have been available in Google Play since March 2019 are working together to compromise devices and collect user information, and that one of them exploits CVE-2019-2215.
On Pixel 2, Pixel 2 XL, Nokia 3, LG V20, Oppo F9, and Redmi 6A devices, Camero retrieves a specific exploit from the C&C - the researchers downloaded five exploits from the server - with CVE-2019-2215 and MediaTek-SU abused to achieve root before installing callCam.
A URL linking to one of the apps' Google Play pages was discovered on one of the C&C servers, Trend Micro reveals.
News URL
Related news
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)
- Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users (source)
- Google Patches New Android Kernel Vulnerability Exploited in the Wild (source)
- Google splats device-hijacking exploited-in-the-wild Android kernel bug among others (source)
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |