Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app aimed at spying on users.
About CVE-2019-2215
The existence of CVE-2019-2215 was discovered in late 2019 when it was spotted being exploited in the wild.
Researchers with Google’s Threat Analysis Group and other external parties believe that the exploit originated with NSO Group, an Israel-based company that specializes in lawful surveillance software and whose Pegasus mobile spyware is abused by oppressive regimes to spy on “enemies”.
At the time, the Android team considered the bug to be of high severity and pointed out that a malicious application has to be installed on the target device to perform the exploit.
