3 Malicious Apps in Google Play
Recently, according to surveys by the NSO team, three seemingly legitimate Android apps were discovered in the Google Play Store that give the attacker the ability to detect and control the victim's device. These newly discovered malicious Android apps, "Camero", "FileCrypt" and "callCam", are said to be related to the Sidewinder APT group.
According to cyber security researchers at Trend Micro, these apps have been exploiting a significant use-after-free vulnerability in Android since at least March last year, meaning that the zero-day was first announced 7 months ago.
According to Trend Micro, FileCrypt Manager and Camero act as droppers: they connect to a remote command and control (C&C) server to download a DEX file, which then downloads the callCam app and tries to install it by exploiting privilege escalation vulnerabilities or abusing the accessibility feature. More importantly, all this is done without the user's knowledge or intervention. After installation, callCam hides its icon from the menu, gathers the following information from the compromised device and sends it in the background to the attacker's C&C server:
- Battery status
- Files on device
- Installed app list
- Device information
- Sensor information
- Camera information
- Wi-Fi information
- Data and social networking files installed on the mobile phone
How to Protect an Android Phone from Malware
Google has now removed all the above-mentioned malicious apps from the Play Store, but since Google's systems are not sufficient to keep bad apps out of the official store, you have to be very careful about downloading apps.
To check whether your device is infected with this malware, go to Android system settings → App Manager, look for the listed package names and uninstall them.
To protect your device against most cyber threats, you are advised to take simple but effective precautions such as:
- keep devices and apps up-to-date,
- avoid app downloads from unfamiliar sources,
- always pay close attention to the permissions requested by apps,
- frequently back up data, and
- install a good antivirus app that protects against this malware and similar threats.
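
The package-name check and the "unfamiliar sources" precaution above can also be run from a workstation over adb. The script below is an added example, not part of the original article: the watchlist entries are placeholders (the article does not give the package names), and the input is assumed to be the output of `adb shell pm list packages -3 -i`.

```shell
#!/bin/sh
# Added example: triage the output of `adb shell pm list packages -3 -i`.
# WATCHLIST holds placeholders; replace them with package names from a vendor report.
WATCHLIST="com.example.placeholder.camero com.example.placeholder.filecrypt com.example.placeholder.callcam"
TRUSTED_INSTALLER="com.android.vending"   # Google Play

# Reads lines of the form "package:<name>  installer=<installer>" on stdin.
# Prints one finding per line:
#   WATCHLIST <pkg>             package name is on the watchlist
#   NONPLAY <pkg> <installer>   third-party app not installed by Google Play
# Returns 0 when nothing is flagged, 1 otherwise.
scan_packages() {
    findings=0
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')    # adb output may use CRLF
        case "$line" in package:*) ;; *) continue ;; esac
        rest=${line#package:}
        pkg=${rest%% *}
        case "$rest" in
            *installer=*) inst=${rest##*installer=} ;;
            *) inst=unknown ;;
        esac
        hit=0
        for w in $WATCHLIST; do
            if [ "$pkg" = "$w" ]; then hit=1; fi
        done
        # A watchlisted name is reported even if it came from Google Play,
        # because the apps in the article were distributed through the store.
        if [ "$hit" -eq 1 ]; then
            echo "WATCHLIST $pkg"; findings=1
        elif [ "$inst" != "$TRUSTED_INSTALLER" ]; then
            echo "NONPLAY $pkg $inst"; findings=1
        fi
    done
    return "$findings"
}

# Constructed sample input (not captured from a real device).
SAMPLE='package:com.example.placeholder.callcam  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.game  installer=com.example.otherstore'

printf '%s\n' "$SAMPLE" | scan_packages || echo "Review the flagged packages."
# On a real device: adb shell pm list packages -3 -i | scan_packages
```

A NONPLAY finding is only a prompt to review where the app came from; preinstalled vendor stores and enterprise tools also show up there.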