Security News > 2020 > January > Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.
The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
c. Successful exploitation of the flaw allows a local app to execute arbitrary code on the infected gizmo with kernel-level privileges, aka God mode.
It is not clear how many times the apps had been installed, though the reach may have been minimal as a screencap for Camero lists its installs at "5+". Interestingly, while the apps themselves have been available since March 2019, the fix for CVE-2019-2215 was only posted in the October 2019 Android security update.
The supposedly legitimate apps contacted a command and control server from which they download a pair of files that, in tandem, exploited CVE-2019-2215 to gain kernel-level privileges and installed the final piece of the scheme, the callCam app.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/nasty_google_play_apps/
Related news
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Google Patches New Android Kernel Vulnerability Exploited in the Wild (source)
- Google splats device-hijacking exploited-in-the-wild Android kernel bug among others (source)
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (source)
- Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement (source)
- Google backports fix for Pixel EoP flaw to other Android devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |