More danger for Android smartphone owners: Trend Micro has discovered three very dangerous apps that can steal smartphone data
Bad news for Android smartphone owners and yet another embarrassment for Google: Trend Micro has found three very dangerous apps in the Play Store that can exploit the CVE-2019-2215 vulnerability in the Android operating system.
The CVE-2019-2215 vulnerability affects Binder, the Android component that lets different processes communicate with each other, and allows anyone who knows how to exploit it to gain the highest system privileges within a short time. All of this happens without the user noticing anything or having to do anything beyond downloading and installing the malicious app. Once they hold the highest privileges, these three apps can do whatever they want on our smartphones, because they have free access to every component of the device, including the storage, the camera and the microphone.
Dangerous apps: how they work
The three apps discovered by Trend Micro all work in the same way: once installed on our smartphone, the app downloads, on its own, a file with a .DEX extension, that is, a file containing executable code, which in turn downloads further code: the code that is really dangerous for our smartphone. The mechanism therefore relies on two "droppers" to fetch the malware (which then proceeds to infect the smartphone), and this increases the three apps' ability to pass as legitimate apps on the Play Store: each of the three, in fact, would be unable to do anything dangerous on its own without carrying out the two subsequent steps.
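The download-then-load pattern described above leaves a static footprint: an APK whose DEX code references both a network client and Android's runtime code-loading classes. The following triage script is an added example written for this article, not code from Trend Micro or from the apps named here; the marker strings are a generic heuristic (assumed, not taken from the report) and the sample APK it builds is constructed in memory so the script runs offline.

```python
import io
import re
import zipfile

# Class descriptors present in a DEX string table when app code references
# Android's runtime code-loading classes (heuristic, not a signature).
DYNAMIC_LOAD_MARKERS = [
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
]
# Network classes that a download-then-load flow typically uses.
NETWORK_MARKERS = [
    b"Ljava/net/HttpURLConnection;",
    b"Ljava/net/URL;",
]


def scan_dex(dex_bytes):
    """Report which marker strings occur in one classes*.dex blob."""
    return {
        "dynamic_load": [m.decode() for m in DYNAMIC_LOAD_MARKERS if m in dex_bytes],
        "network": [m.decode() for m in NETWORK_MARKERS if m in dex_bytes],
    }


def triage_apk(apk_bytes):
    """Open an APK (a zip), scan every classes*.dex, and flag the staged-dropper
    pattern when the app both reaches the network and loads code at runtime.
    This is a triage hint for manual review, not a verdict: plugin frameworks
    and some legitimate updaters use the same APIs."""
    found = {"dex_files": [], "dynamic_load": set(), "network": set()}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                hits = scan_dex(apk.read(name))
                found["dex_files"].append(name)
                found["dynamic_load"].update(hits["dynamic_load"])
                found["network"].update(hits["network"])
    found["suspect_staged_loader"] = bool(found["dynamic_load"] and found["network"])
    return found


def build_sample_apk(dex_strings):
    """Constructed test input: a minimal zip whose fake classes.dex carries
    the given descriptor strings (it mimics only the DEX string table)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(dex_strings))
    return buf.getvalue()
```

A hit only justifies pulling the APK for manual analysis; the decisive evidence is still the second-stage file the app fetches at runtime.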
Dangerous apps: what they are and who develops them
All three apps reported by Trend Micro have been removed from the Google Play Store. They are Camero, a photography app; FileCrypt Manager, a file manager with encryption capabilities; and callCamm, a video calling app. The first and the last are officially developed by Samson Sellers, the second by Teresa Trujillo. As always, these are fictitious names with someone else behind them. In this case, according to Trend Micro, someone very big and very dangerous is behind them: the hacker group SideWinder, which has been active since 2012 and in the past has mainly targeted Pakistani military IT facilities. The apps removed by Google after Trend Micro's report had been on the Play Store since at least March 2019.