The vulnerabilities may have allowed a threat actor to gain complete control of a user’s Kindle, perhaps resulting in the theft of the Amazon device token or other sensitive information stored on the device.

The BendyBear sample was determined to be x64 shellcode for a stage-zero implant whose sole function is to download a more robust implant from a command and control (C2) server.