Security News > 2020 > January > App on Google Play exploited Android bug to deliver spyware
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users.
The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
The FileCrypt Manager app would ask users to enable Android Accessibility Services and, if they did, would install and launch the callCam app.
State-sponsored hackers occasionally take advantage of Google Play to deliver malicious apps to their targets.
Google Play may host a much lesser number of malicious apps than a random third-party app marketplace, but the threat, however small, persists.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/n-NkccWdmiE/
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in multiple products A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 7.8 |