Malicious Android apps have been signed by threat actors through the exploitation of platform certificates used by device vendors Samsung, LG, and MediaTek, The Hacker News reports.
Platform certificates have been abused by the com.russian.signato.renewis, com.android.power, com.management.propaganda, com.sledsdffsjkh.Search, com.sec.android.musicplayer, com.attd.da, com.houla.quicken, com.metasploit.stage, com.arlo.fappx, and com.vantage.ectronic.cornmuni app packages, according to Google reverse engineer Łukasz Siewierski, who first identified and reported such exploitation.
Even though how the artifacts were located and whether they were used in malware campaigns remain uncertain, the identified samples were noted as Metasploit, information stealers, HiddenAds adware, downloaders, and other malware. Google has urged all affected vendors to rotate their certificates following the exploitation.
"Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android," said Google.