Application security, Malware, Endpoint/Device Security

Malware apps signed with Android platform certificates

Threat actors have signed malicious Android apps with platform certificates used by device vendors Samsung, LG, and MediaTek, The Hacker News reports. Platform certificates have been abused by the com.russian.signato.renewis, com.android.power, com.management.propaganda, com.sledsdffsjkh.Search, com.sec.android.musicplayer, com.attd.da, com.houla.quicken, com.metasploit.stage, com.arlo.fappx, and com.vantage.ectronic.cornmuni app packages, according to Google reverse engineer Łukasz Siewierski, who first identified and reported such exploitation. Although the process of locating the artifacts and their potential use in malware campaigns remain uncertain, the identified samples were noted as Metasploit, information stealers, HiddenAds adware, downloaders, and other malware. Google has urged all affected vendors to rotate their certificates following the exploitation.

"Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android," said Google.
