Hackers Sign Android Malware Apps with Compromised Platform Certificates
02-Dec-22
It has been discovered that platform certificates used by Android smartphone manufacturers including Samsung, LG, and MediaTek are being misused to sign malicious apps. Google reverse engineer ukasz Siewierski made the initial discovery and announced it on Thursday.
According to a report submitted through the Android Partner Vulnerability Initiative (AVPI), “A platform certificate is the application signing certificate used to sign the “android” application on the system image.” “The ‘android’ programme runs with a highly privileged user id — android.uid.system — and retains system permissions, including permissions to view user data.”
