Security News > 2020 > January > App on Google Play exploited Android bug to deliver spyware
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install an app aimed at spying on users.
The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
The FileCrypt Manager app would ask users to enable Android Accessibility Services and, if they did, would install and launch the callCam app.
State-sponsored hackers occasionally take advantage of Google Play to deliver malicious apps to their targets.
Google Play may host far fewer malicious apps than a random third-party app marketplace, but the threat, however small, persists.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/n-NkccWdmiE/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-11 | CVE-2019-2215 | Use After Free vulnerability in Google Android. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. | 4.6 |