Android Zero-Day exploited by 3 apps available on Google Play store

File manager and photography applications available on Google Play have been found to hack devices and track user activity.

The applications found performing these malicious activities are Camero, FileCrypt, and callCam. They have been linked to Sidewinder APT, a hacking group that specializes in cyber espionage attacks. Security researchers have reported that these apps had been exploiting a critical vulnerability in Android since March last year.

CVE-2019-2215 is a local privilege escalation vulnerability that allows full root compromise of a vulnerable device. It can also be exploited remotely when combined with a separate browser rendering flaw. FileCrypt and Camero act as droppers: they connect to a command and control server to download a DEX file. This DEX file in turn downloads the callCam app and tries to install it by exploiting privilege escalation vulnerabilities.

NPAV recommends that users always download and update apps from trusted sources. Keeping apps up to date ensures you have the latest security patches released by the developers. Users must always pay close attention to the permissions requested by applications. Use the NPAV mobile application to shield your mobile phone and data from such virus attacks.

Use NPAV and join us on a mission to secure the cyber world.
