posted by janrinok on Wednesday January 08 2020, @04:23PM
from the polly-wants-a-pwnie dept.

Arthur T Knackerbracket has found the following story:

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.

This is according to eggheads at Trend Micro, who found that the since-removed applications were all abusing a use-after-free() flaw in the operating system to elevate their privileges, and pull down and run further malware from a command-and-control server. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.

"The three malicious apps were disguised as photography and file manager tools," said Trend researchers Ecular Xu and Joseph Chen on Monday.

"We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps."

The exploited programming blunder was CVE-2019-2215, a use-after-free() vulnerability present in the inter-process messaging system of the Android kernel, specifically in binder.c. Successful exploitation of the flaw allows a local app to execute arbitrary code on the infected gizmo with kernel-level privileges, aka God mode.

It is not clear how many times the apps had been installed, though the reach may have been minimal as a screencap for Camero lists its installs at "5+".

[...] It is believed that, based on the command and control servers, the group behind the infections is the SideWinder crew, a hacking operation active since 2012. The team is believed to have largely targeted government and military systems in Pakistan and has until now relied mostly on exploits and malware for Windows PCs.


(Score: 0) by Anonymous Coward on Thursday January 09 2020, @01:04AM (#941268)

    use-after-free()

    Important tip for software security! Do not call use-after-free(), and do not use things that allow hyphens in identifiers, such as XML.