Researchers unearth malicious Google Play apps linked to active exploit hackers


Researchers have found more malicious Google Play apps, one of which exploits a serious Android rooting vulnerability so the app can take screenshots and collect other types of sensitive user information.

Camero exploits CVE-2019-2215, a potent vulnerability discovered in October by Google’s Project Zero vulnerability research group, researchers from Trend Micro reported on Monday. The use-after-free flaw makes it easy for attackers to gain full root privileges on Pixel 1 and Pixel 2 phones and a host of other Android models. Google patched the vulnerability in October, a few days after Project Zero researcher Maddie Stone reported it was likely under active attack by either exploit developer NSO Group or one of its customers. All three apps are no longer available in Play.

Camero connected to a command and control server that has links to SideWinder, the code name for a malicious hacking group that has been targeting military entities since at least 2012. The app then downloaded attack code that exploits CVE-2019-2215 or a separate exploit in the MediaTek-SU driver that installs an espionage app called callCam. callCam collected a variety of sensitive user data including:


https://arstechnica.com/?p=1639397

Source: Ars Technica
