Security News > 2020 > January > Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.
The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
c. Successful exploitation of the flaw allows a local app to execute arbitrary code on the infected gizmo with kernel-level privileges, aka God mode.
It is not clear how many times the apps had been installed, though the reach may have been minimal as a screencap for Camero lists its installs at "5+". Interestingly, while the apps themselves have been available since March 2019, the fix for CVE-2019-2215 was only posted in the October 2019 Android security update.
The supposedly legitimate apps contacted a command and control server from which they download a pair of files that, in tandem, exploited CVE-2019-2215 to gain kernel-level privileges and installed the final piece of the scheme, the callCam app.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/nasty_google_play_apps/
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Exploits for unpatched Parallels Desktop flaw give root on Macs (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |