Unfortunately, Google Play Store is also not secure from malicious apps. Yes, you have read it correctly. According to the research of cybersecurity firm Trend Micro, three apps have been trying to access users’ devices to retrieve their crucial information.
These three malicious apps are Camero, FileCryptManager, and CallCam, which are displayed as photography and file manager tools on Google Play Store. Therefore, you should use the best Android VPN before downloading apps from the Google Play Store.
If we talk about the Camero app, it exploits use-after-free vulnerability CVE-2019-2215 that resides in Binder, an inter-process communication system in Android. Hackers can exploit CVE-2019-2215 vulnerability by injecting malicious codes into the users’ devices. As a result, they can access their information quite easily.
Besides, these three apps have a strong association with a hacking group “SideWinder.” The group has been spying on Windows’ devices of military entities since 2012.
How SideWinder distributes malware?
SideWinder group distributes malware in targeted Windows’ devices in two steps. These steps are:
- The DEX file is downloaded from the attacker’s C&C server
- The downloaded file then installs the APK once it exploits the device
- On the other hand, FileCrypt Manager and Camero apps act as a dropper
Once the extra DEX file has been downloaded from the C&C server, the second-layer droppers entice additional code to download, install, and launch the CallCam app on the device. The SideWinder group takes vast benefit from using obfuscation, data encryption, and at the same time, it invokes dynamic code to bypass detection issues as well.
The CallCam app starts collecting users’ data and then sends it to the C&C server after hiding its icon. The information gathered by the app includes battery usage, user location, device information, camera information, screenshot account, Wi-Fi details, sensor data, files on the device, and installed app list. Furthermore, it also collects data through Twitter, WeChat Facebook, Gmail, and Yahoo Mail.
How to secure yourself from Android App vulnerabilities?
Considering the devastating impacts of these harmful apps, you should consider installing a VPN on your Android devices. This amazing online privacy option stops these apps from accessing your personal data, which is available on different social media platforms.
Similarly, you can protect yourself from another malware StrandHogg that is shown on Android mobile phones as a legitimate app with a VPN. The malware asks for several permissions and helps hackers in accessing users’ information such as personal photos and text messages. Apart from this, the bug starts acting like a device’s owner by taking over numerous functions.
Use of Knox for improving Samsung phones’ privacy
If you want to enhance the security of your Samsung mobile phones, then you can also use Knox, an all-in-one-mobile security solution. This mobile security solution is specifically helpful when you are using your Android phones at your workplaces, according to BYOD (Bring Your Own Device) context.
When you deploy Knox on your Samsung smartphones, your employers may control the particular part of your phone’s operating system that you use for work-related activities. The organizations can install various apps remotely, and they can demand permission from their employees to install these apps on their phones.
In short, Knox enables companies to secure their sensitive business information from their employees for unauthorized usage.
Luckily, these dangerous apps are no longer available on the Google Play Store. However, you must use a VPN before installing unknown apps on your Android mobile phones because it offers an exclusive malware blocker feature to its users. On the other hand, you can use Knox to safeguard your work-related tasks if you are using your Samsung mobiles for official purposes.
Similar / posts
February 27th, 2020
Updated on December 28th, 2020