Security News > 2020 > January > App on Google Play exploited Android bug to deliver spyware
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users.
The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
The FileCrypt Manager app would ask users to enable Android Accessibility Services and, if they did, would install and launch the callCam app.
State-sponsored hackers occasionally take advantage of Google Play to deliver malicious apps to their targets.
Google Play may host a much lesser number of malicious apps than a random third-party app marketplace, but the threat, however small, persists.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/n-NkccWdmiE/
Related news
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |