Platform certificates used by Android smartphone vendors such as Samsung, LG, and MediaTek are known to be abused to sign malicious apps.

Findings first discover and report Created by Google Reverse Engineer Łukasz Siewierski on Thursday.

Android Partner Vulnerability Initiative (AVPI) read.

“The ‘Android’ application runs under a highly privileged user ID (android.uid.system) and has system permissions, including permissions to access user data. “

cyber security

This effectively means that a rogue application signed with the same certificate can obtain the highest level of privileges as the Android operating system, allowing it to collect all kinds of sensitive information from compromised devices.

Below is a list of malicious Android app packages that abuse certificates.

  • com.russian.signato.renewis
  • com.sledsdffsjkh.Search
  • com.houla.quicken
  • com.attd.da
  • com.arlo.fappx
  • com.metasploit.stage
  • com.vantage.electronic.cornmuni
Android malware apps

However, it is not immediately clear where and how these artifacts were discovered, or whether they were used as part of an active malware campaign.

A search on VirusTotal reveals that the identified samples are flagged by antivirus solutions as HiddenAds adware, Metasploit, information stealers, downloaders, and other obfuscated malware.

When asked for comment, Google has notified all affected vendors to rotate their certificates and said it has no evidence that these apps were distributed through the Play Store.

“Our OEM partners took immediate mitigation measures when key compromises were reported,” the company said in a statement to Hacker News. “End users are protected by user mitigations implemented by OEM partners.”

“Google has implemented extensive malware detection in the Build Test Suite that scans system images. Google Play Protect also detects malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise our users to: Make sure you’re running the latest version of Android.”

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog