SideWinder hackers hit Android users with malware apps on Play Store


A team of Trend Micro researchers has identified three malicious apps available on the Google Play Store that exploit a serious Android kernel vulnerability.


The apps, identified as callCam, Camero, and FileCrypt, are mainly photography-related tools, and they use a Binder vulnerability that is already classified as CVE-2019-2215. It is basically an interprocess communication method in every mobile phone OS that is being exploited.




The vulnerability was first identified by Maddie Stone from Project Zero in October last year. It is a local privilege escalation issue through which any vulnerable device can be fully compromised at the root level. If used in combination with another browser rendering flaw, this vulnerability can be exploited remotely as well.

According to Trend Micro researchers, this use-after-free Android vulnerability has been in use since March, around 7 months before it was reported as a zero-day vulnerability developed by the NSO Group of Israel. The apps have also been active since the same time, according to the researchers.



“We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps,” Trend Micro researchers wrote in their detailed blog post.


The thre ..
