High
SideWinder is a threat group that has existed since 2012, targeting military entities’ Windows machines. It is widely known to have targeted various military entities in different regions. Recently, three malicious apps were discovered by Trend micro which were working in corelation to target a victim’s device and collect user’s information.One of the three apps is called Camero, and it exploits a vulnerability that exists in Binder, which is the main Inter-Process Communication system in Android. It was documented that this is the first known active attack in the wild that uses the use-after-free vulnerability. The three apps were disguised as photography and file manager tools. In terms of installation, SideWinder installs the payload app in two stages. First, it downloads a DEX file in Android format from its command and control server.
Exposure of sensitive information
SHA-256