Researchers unearth malicious Google Play apps linked to active exploit hackers

by
Dan Goodin
from Ars Technica - All content on (#4XGTA)
android-malware.jpg

Enlarge (credit: portal gda / flickr)

Researchers have found more malicious Google Play apps, one of which exploits a serious Android rooting vulnerability so the app can take screenshots and collect other types of sensitive user information.

Camero exploits CVE-2019-2215, a potent vulnerability discovered in October by Google's Project Zero vulnerability research group, researchers from Trend Micro reported on Monday. The use-after-free flaw makes it easy for attackers to gain full root privileges on Pixel 1 and Pixel 2 phones and a host of other Android models. Google patched the vulnerability in October, a few days after Project Zero researcher Maddie Stone reported it was likely under active attack by either exploit developer NSO Group or one of its customers. All three apps are no longer available in Play.

Camero connected to a command and control server that has links to SideWinder, the code name for a malicious hacking group that has been targeting military entities since at least 2012. The app then downloaded attack code that exploits CVE-2019-2215 or a separate exploit in the MediaTek-SU driver that installs an espionage app called callCam. callCam collected a variety of sensitive user data including:

Read 4 remaining paragraphs | Comments

index?i=O4Jjo5c6T6w:XyLWWJMYi_M:V_sGLiPB index?i=O4Jjo5c6T6w:XyLWWJMYi_M:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments