Researchers have discovered an attack exploiting CVE-2019-2215, which leverages three malicious apps in the Google Play store to compromise a target device and collect users’ data. This particular vulnerability exists in Binder, the main interprocess communication system that exists in Android. Camero, FileCrypt Manager, and callCam are believed to be related to the SideWinder group and have been active on Google Play since March 2019, based on one of the apps’ certificate information. The zero-day local privilege escalation vulnerability affected hundreds of millions of Android phones at the time it was published.”]
Source: https://www.darkreading.com/application-security/malicious-google-play-apps-linked-to-sidewinder-apt