Tuesday, March 4.
  • Cybersecurity

    3 Play Store Apps Detected with Spyware and Trojan.

    If you have any of the Android apps listed below installed, even if you downloaded them from the official Google Play Store, then "You have been hacked!" and you are being tracked.

    The newly detected malicious Android apps are Camero, callCam and FileCrypt Manager. They are believed to be linked to the SideWinder APT, a hacking group believed to have carried out various cyber attacks, gaining illegal access to victims' files, and also known for cyber espionage.
    A report published by security researchers at Trend Micro stated that these apps were exploiting a critical use-after-free vulnerability in Android. The exploitation has been traced back to March of last year, 7 months before the same flaw was discovered as a "zero-day" by Google's researchers, who found it being exploited by the Israeli surveillance vendor NSO Group.

    It was discovered that these apps had been active since March 2019, based on the certificate information obtained from one of the apps.
    The malicious activity happens without the user or owner being aware of the attack: you do not need to launch the app for it to steal your files, it does so without your consent. These apps were programmed to evade detection using several approaches, including:

    • Obfuscation
    • Data encryption
    • Invoking dynamic code
    as stated by the researchers.

    How do these apps work?

    The user only needs to install the app. callCam immediately hides its icon and starts collecting the following information from the device, then sends it in the background to the attackers' command-and-control (C&C) server:

    • Location
    • Battery status
    • Files on device
    • Installed app list
    • Device information
    • Sensor information
    • Camera information
    • Screenshot
    • Account
    • Wi-Fi information
    • Data from WeChat, Outlook, Twitter, Yahoo Mail, Facebook, Gmail, and Chrome.

    This attack, tracked as CVE-2019-2215, also tries to exploit a separate vulnerability in the MediaTek-SU driver to gain root privileges and stay persistent on a wide range of Android handsets. In case it is not clear how bad this is: the malware secretly roots your device, giving it full access without your consent, and uses that access to download further malicious apps. These apps are categorised as spyware.
    (Image caption: Root your phone and control activities without your consent.)

    According to Trend Micro, FileCrypt Manager and Camero act as droppers: they connect to a remote command-and-control server to download a DEX file, which in turn downloads the callCam app and tries to install it by exploiting privilege escalation vulnerabilities or by abusing the accessibility feature.
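    The behaviours described above (the icon hidden after install, broad data collection, and the accessibility-feature install path used by the droppers) can be turned into a simple triage check over a device's app inventory. The following is an added example written for this page, not code from the article or from Trend Micro. The inventory format, the sample entries and the package names (`com.placeholder.*`) are constructed; only the three display labels come from the article, and the permission strings are standard Android permission names.

```python
"""Inventory triage for the indicators described in the article.

Added example, not the article's or Trend Micro's code.  The inventory
format, package names and sample entries are constructed; the display
labels are the three app names the article gives.
"""
from dataclasses import dataclass, field

# Display labels named in the report (compared case-insensitively).
REPORTED_LABELS = {"camero", "callcam", "filecrypt manager"}

# Permissions backing the data categories the article lists
# (location, files, camera, accounts, Wi-Fi).  Real Android permission names.
COLLECTION_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.CAMERA",
    "android.permission.GET_ACCOUNTS",
    "android.permission.ACCESS_WIFI_STATE",
}


@dataclass
class InstalledApp:
    package: str                      # constructed package name
    label: str                        # name shown to the user
    has_launcher_icon: bool           # False once the app hides itself
    uses_accessibility: bool = False  # declares an accessibility service
    permissions: set = field(default_factory=set)


def triage(app: InstalledApp) -> list:
    """Return the indicators from the article that fire for one app."""
    findings = []
    if app.label.strip().lower() in REPORTED_LABELS:
        findings.append("label matches an app named in the report")
    if not app.has_launcher_icon:
        findings.append("no launcher icon (hidden after install)")
    if app.uses_accessibility:
        findings.append("declares an accessibility service (installer abuse path)")
    collected = app.permissions & COLLECTION_PERMISSIONS
    if not app.has_launcher_icon and len(collected) >= 3:
        findings.append("hidden app holds %d data-collection permissions" % len(collected))
    return findings


def triage_inventory(apps):
    """Map package -> findings for every app that triggers at least one."""
    report = {}
    for app in apps:
        hits = triage(app)
        if hits:
            report[app.package] = hits
    return report


# Constructed inventory: one benign app and two that mirror the behaviours
# described (icon hidden, accessibility service, broad data access).
SAMPLE_INVENTORY = [
    InstalledApp("com.example.notes", "Notes", True,
                 permissions={"android.permission.READ_EXTERNAL_STORAGE"}),
    InstalledApp("com.placeholder.callcam", "callCam", False,
                 permissions=set(COLLECTION_PERMISSIONS)),
    InstalledApp("com.placeholder.filecrypt", "FileCrypt Manager", True,
                 uses_accessibility=True,
                 permissions={"android.permission.READ_EXTERNAL_STORAGE"}),
]

if __name__ == "__main__":
    for pkg, hits in triage_inventory(SAMPLE_INVENTORY).items():
        print(pkg)
        for hit in hits:
            print("  -", hit)
```

    A label match alone is a weak signal (names are trivially changed), which is why the check also scores the structural indicators the article describes: an app that has removed its own launcher icon while holding several data-collection permissions, or one that declares an accessibility service it has no user-facing reason to need.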

    If you have any of these apps installed, remove them: they are stealing your data and compromising your device.