
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store—you have been hacked and are being tracked.

These newly detected malicious Android apps are Camero, FileCrypt, and callCam, which are believed to be linked to Sidewinder APT, a sophisticated hacking group specializing in cyber espionage attacks.

According to cybersecurity researchers at Trend Micro, these apps were exploiting a critical use-after-free vulnerability in Android at least since March last year—that’s 7 months before the same flaw was first discovered as a zero-day when a Google researcher analysed a separate attack developed by Israeli surveillance vendor NSO Group.

“We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps,” the researchers said.

Tracked as CVE-2019-2215, the vulnerability is a local privilege escalation issue that allows full root compromise of a vulnerable device and could also be exploited remotely when combined with a separate browser rendering flaw.
