MADRID, Dec. 2 (Portaltic/EP) –
Platform certificates belonging to Android vendors have been leaked, which can lead to applications containing ‘malware’ being distributed as legitimate by pretending to come from well-known brands, such as Samsung, with the same level of privilege over the ‘smartphone’.
Android developers and vendors have a certificate for publishing system applications that indicates that the software is legitimate and, depending on the level that has been granted, grants certain access privileges to the phone.
Esper’s technical editor, Mishaal Rahman, has warned that some vendor certificates have been leaked and are being used to sign malicious Android apps. What makes this serious is that it affects one of the main Android manufacturers, Samsung, as can be seen on portals such as VirusTotal or APKMirror.
Malicious use of these certificates means that seemingly legitimate system apps may actually be applications that contain some kind of ‘malware’, since they have the same privilege level as basic Android services.
According to Rahman, Google has advised affected manufacturers to try to use the certificates as little as possible, and to rotate the certificates while conducting an internal investigation. This can delay the arrival of some updates.
It is also advisable to download applications from the Google store or from the vendor’s official store, since apparently this leak only affects those that require a manual download, not the updates that arrive wirelessly via OTA.
Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the “android” app itself. These certs are being used to sign malicious Android apps! https://t.co/lhqZxuxVR9
— Mishaal Rahman (@MishaalRahman) December 1, 2022