First Active Attack Exploiting CVE-2019-2215 - Found on Google Play
#1
Quote: We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that uses the use-after-free vulnerability. Interestingly, upon further investigation we also found that the three apps are likely to be part of the SideWinder threat actor group’s arsenal. SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities’ Windows machines.

The three malicious apps were disguised as photography and file manager tools. We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps. The apps have since been removed from Google Play.
