Security News > 2020 > January > Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.
The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
Successful exploitation of the flaw, CVE-2019-2215, a use-after-free bug in the Android kernel's binder driver, allows a local app to execute arbitrary code on the infected gizmo with kernel-level privileges, aka God mode.
It is not clear how many times the apps had been installed, though the reach may have been minimal as a screencap for Camero lists its installs at "5+". Interestingly, while the apps themselves have been available since March 2019, the fix for CVE-2019-2215 was only posted in the October 2019 Android security update.
The supposedly legitimate apps contacted a command-and-control server from which they downloaded a pair of files that, in tandem, exploited CVE-2019-2215 to gain kernel-level privileges and installed the final piece of the scheme, the callCam app.
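The two things a practitioner can actually check from the report are whether any of the three named apps is still installed and whether the handset's declared security patch level is late enough to include the binder fix. The POSIX shell script below is an added example, not code from the article or from the researchers who found the apps. It assumes the October 2019 Android bulletin lists CVE-2019-2215 under the 2019-10-06 patch level, and, because the report gives only app names and not package names, it matches package names against those app names as a heuristic. The sample patch level and package list are constructed stand-ins for the output of `adb shell getprop ro.build.version.security_patch` and `adb shell pm list packages`.

```shell
#!/bin/sh
# Added example, not from the article: triage a device against the two facts
# the report supports. Assumptions: CVE-2019-2215 shipped in the 2019-10-06
# patch level; the reported app names (Camero, FileCrypt, callCam) appear
# somewhere in their package names (the report does not list package names).

FIX_PATCH_LEVEL="2019-10-06"

# patch_level_fixed YYYY-MM-DD : exit 0 if the level is at or after the fix.
# ISO dates compare correctly as integers once the dashes are removed.
patch_level_fixed() {
    lvl=$(printf '%s' "$1" | tr -d '-')
    fix=$(printf '%s' "$FIX_PATCH_LEVEL" | tr -d '-')
    case "$lvl" in
        ''|*[!0-9]*) return 1 ;;   # unparsable property: treat as not fixed
    esac
    [ "$lvl" -ge "$fix" ]
}

# suspicious_packages "<pm list packages output>" : print matching package
# names, one per line, with the "package:" prefix stripped.
suspicious_packages() {
    printf '%s\n' "$1" | sed 's/^package://' \
        | grep -i -E 'camero|filecrypt|callcam' || true
}

# count_suspicious "<pm list packages output>" : number of matches (0 if none).
count_suspicious() {
    suspicious_packages "$1" | grep -c . || true
}

# triage_device "<patch level>" "<pm list packages output>" : print findings;
# exit 0 only if the level is fixed and none of the names is installed.
triage_device() {
    level="$1"; pkgs="$2"; rc=0
    if patch_level_fixed "$level"; then
        echo "patch level $level: at or after $FIX_PATCH_LEVEL, CVE-2019-2215 fix expected"
    else
        echo "patch level $level: before $FIX_PATCH_LEVEL, CVE-2019-2215 fix not guaranteed"
        rc=1
    fi
    found=$(suspicious_packages "$pkgs")
    if [ -n "$found" ]; then
        echo "packages matching the reported app names:"
        printf '%s\n' "$found" | sed 's/^/  /'
        rc=1
    else
        echo "none of the reported app names installed"
    fi
    return $rc
}

# Constructed sample input standing in for
#   adb shell getprop ro.build.version.security_patch
#   adb shell pm list packages
SAMPLE_LEVEL="2019-09-05"
SAMPLE_PACKAGES='package:com.android.settings
package:com.example.camero
package:com.google.android.gms
package:com.example.callcam'

triage_device "$SAMPLE_LEVEL" "$SAMPLE_PACKAGES" || echo "device needs attention"
```

On a real handset, feed the two `adb shell` outputs above into `triage_device` instead of the sample values. A patch level earlier than the fix does not prove the kernel is exploitable (that depends on the device's kernel tree), and a name match is only a prompt to inspect the package, not proof of infection; the script flags devices for a closer look rather than rendering a verdict.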
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/nasty_google_play_apps/
Related news
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks
- ‘Pig butchering’ trading apps found on Google Play, App Store
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
- Google brings better bricking to Androids, to curtail crims
- Over 200 malicious apps on Google Play downloaded millions of times
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
- How to enable Safe Browsing in Google Chrome on Android
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
Related Vulnerability
Date | CVE | Title | Description | Risk (CVSS v3 base score)
---|---|---|---|---
2019-10-11 | CVE-2019-2215 | Use-after-free vulnerability in multiple products | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux kernel. | 7.8