Security News > 2020 > January > App on Google Play exploited Android bug to deliver spyware
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users.
The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
The FileCrypt Manager app would ask users to enable Android Accessibility Services and, if they did, would install and launch the callCam app.
State-sponsored hackers occasionally take advantage of Google Play to deliver malicious apps to their targets.
Google Play may host a much lesser number of malicious apps than a random third-party app marketplace, but the threat, however small, persists.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/n-NkccWdmiE/
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Google Play, Apple App Store apps caught stealing crypto wallets (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |