Security News > 2020 > January > Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage

Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
2020-01-07 06:53

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.

The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.

c. Successful exploitation of the flaw allows a local app to execute arbitrary code on the infected gizmo with kernel-level privileges, aka God mode.

It is not clear how many times the apps had been installed, though the reach may have been minimal as a screencap for Camero lists its installs at "5+". Interestingly, while the apps themselves have been available since March 2019, the fix for CVE-2019-2215 was only posted in the October 2019 Android security update.

The supposedly legitimate apps contacted a command and control server from which they download a pair of files that, in tandem, exploited CVE-2019-2215 to gain kernel-level privileges and installed the final piece of the scheme, the callCam app.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/nasty_google_play_apps/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-10-11 CVE-2019-2215 Use After Free vulnerability in multiple products
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel.
local
low complexity
google debian canonical netapp huawei CWE-416
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702