On December 1, 2022, Google reverse engineer Lukasz Siewierski discovered and reported that hackers had abused platform certificates used by Android smartphone vendors such as Samsung, LG, and MediaTek to sign malicious Android applications.

A platform certificate is the application signing certificate used to sign the Android applications that ship on a device's system image. An application signed with it runs with the highly privileged user id 'android.uid.system' and holds system permissions, including permission to access user data. As per reports, if a rogue application is signed with the same certificate that was used to sign legitimate applications, it gains the same level of privileges as the Android operating system itself, which allows hackers to harvest all kinds of sensitive information from the compromised device.

The malicious Android app packages found to have abused the certificates are 'com[.]sledsdffsjkh[.]Search', 'com[.]russian[.]signato[.]renewis', 'com[.]android[.]power', 'com[.]sec[.]android[.]musicplayer', 'com[.]management[.]propaganda', 'com[.]attd[.]da', 'com[.]houla[.]quicken', 'com[.]metasploit[.]stage', 'com[.]arlo[.]fappx', and 'com[.]vantage[.]ectronic[.]cornmuni'.

Researchers further note that it is unclear whether these artifacts were part of any active malware campaign, or how and where they were found. According to the VirusTotal threat intel platform, antivirus solutions flagged the samples as HiddenAds adware, Metasploit, information stealers, downloaders, and other obfuscated malware.

In response to this malicious activity, Google informed all impacted vendors to rotate the certificates and confirmed that it found no evidence that these apps were delivered through its official Android Play Store. After the researcher reported his findings, the original equipment manufacturer (OEM) partners immediately began implementing appropriate mitigations to protect users from the attack.

Google has also implemented broad detections for the malware in Build Test Suite, which scans system images.
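The article's core point is that trust on Android flows from the signing certificate: any package signed with the platform certificate and sharing 'android.uid.system' inherits system privileges. The following is an added example, not code from the article, from Google, or from any OEM. It shows how a defender can pull the signing certificate out of an APK's JAR (v1) signature block with a stdlib-only DER walker, fingerprint it, and flag packages that are platform-signed but not on the OEM's expected system-image list. The APK, the "platform certificate", the package names and the expected-package list are all constructed dummies; a real review would use the OEM's build keys and a full verifier such as apksigner, and would also cover v2/v3 signatures in the APK Signing Block, which this example does not parse.

```python
"""Triage installed packages by comparing their v1 signer certificate against the
OEM platform certificate. Added example (not the article's or any OEM's code);
stdlib only; all sample data below is constructed."""
import hashlib
import io
import zipfile

SYSTEM_UID = "android.uid.system"


def der_read(buf, pos=0):
    """Return (tag, value, end) for the DER TLV at pos; supports long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, raw_tlv, value) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, val, end = der_read(value, pos)
        yield tag, value[pos:end], val
        pos = end


def certificates_from_pkcs7(blob):
    """Raw DER certificates from a PKCS#7 SignedData (content of META-INF/CERT.RSA)."""
    tag, content_info, _ = der_read(blob)
    assert tag == 0x30, "ContentInfo must be a SEQUENCE"
    # ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }
    explicit = next(val for t, _, val in der_children(content_info) if t == 0xA0)
    _, signed_data, _ = der_read(explicit)
    # SignedData: version, digestAlgorithms, encapContentInfo, certificates [0] IMPLICIT, ...
    certs = []
    for t, _, val in der_children(signed_data):
        if t == 0xA0:
            certs.extend(raw for ct, raw, _ in der_children(val) if ct == 0x30)
    return certs


def cert_fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()


def apk_signer_fingerprints(apk_bytes):
    """SHA-256 fingerprints of every certificate in the APK's v1 signature blocks."""
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                fps.update(cert_fingerprint(c) for c in certificates_from_pkcs7(zf.read(name)))
    return fps


def assess(package, shared_user_id, signer_fps, platform_fps, expected_system_packages):
    """Verdict for one package: platform-signed packages outside the OEM's expected
    system-image list get the same privileges as the OS, so they are the ones to alert on."""
    platform_signed = bool(signer_fps & platform_fps)
    if shared_user_id == SYSTEM_UID and not platform_signed:
        return "blocked: requests android.uid.system but is not platform-signed"
    if platform_signed and package not in expected_system_packages:
        return "alert: platform-signed package not in OEM system image list"
    if platform_signed:
        return "ok: expected platform-signed system package"
    return "ok: ordinary third-party signer"


# ---- constructed sample data (helper for the demo only) ----
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_sample_apk(cert_der):
    """Minimal in-memory zip whose META-INF/CERT.RSA wraps cert_der in a PKCS#7 skeleton.
    cert_der is a dummy SEQUENCE, not a real X.509 certificate."""
    signed_data = _der(0x30, _der(0x02, b"\x01") + _der(0x31, b"")
                       + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"))
                       + _der(0xA0, cert_der) + _der(0x31, b""))
    pkcs7 = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02") + _der(0xA0, signed_data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<constructed manifest>")
        zf.writestr("META-INF/CERT.RSA", pkcs7)
    return out.getvalue()


PLATFORM_CERT = _der(0x30, b"constructed OEM platform certificate, not real")
THIRD_PARTY_CERT = _der(0x30, b"constructed third-party developer certificate")
PLATFORM_FPS = {cert_fingerprint(PLATFORM_CERT)}          # hypothetical OEM allowlist
EXPECTED_SYSTEM = {"com.example.oem.settings"}            # hypothetical system-image list


def demo():
    """Run the triage over a constructed inventory; returns {package: verdict}."""
    inventory = [
        ("com.example.oem.settings", SYSTEM_UID, build_sample_apk(PLATFORM_CERT)),
        ("com.example.rogue.search", SYSTEM_UID, build_sample_apk(PLATFORM_CERT)),
        ("com.example.thirdparty", None, build_sample_apk(THIRD_PARTY_CERT)),
    ]
    return {pkg: assess(pkg, suid, apk_signer_fingerprints(apk), PLATFORM_FPS, EXPECTED_SYSTEM)
            for pkg, suid, apk in inventory}


if __name__ == "__main__":
    for pkg, verdict in demo().items():
        print(f"{pkg}: {verdict}")
```

The useful signal is the "alert" verdict: a package the OEM never shipped, yet carrying the platform signer, is exactly the situation the article describes, and certificate rotation by the OEM is what turns that signer's fingerprint from "trusted" into "revoked" in the allowlist.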