Security News > 2022 > December > Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps.
"A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the Android Partner Vulnerability Initiative reads.
This effectively means that a rogue application signed with the same certificate can gain the highest level of privileges as the Android operating system, permitting it to harvest all kinds of sensitive information from a compromised device.
The list of malicious Android app packages that have abused the certificates is below -.
When reached for comment, Google said it informed all impacted vendors to rotate the certificates and that there's no evidence these apps were delivered through the Play Store.
"Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android."
News URL
http://thehackernews.com/2022/12/hackers-sign-android-malware-apps-with.html
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)