Hackers obtained validation certificates for various brands of hardware, which could lead to serious cybersecurity issues. Google security expert Lukasz Siewierski and his team made the discovery. These security validators are used to sign Android applications from mobile phone and component manufacturers to prove their authenticity, differentiating them from malware.

LG, MediaTek, Samsung and Revoview certificates were used irregularly by hackers. However, the total number of security validators is much higher, and it was not identified which other companies had their certificates compromised.

Another element that raises questions is how the hackers obtained the security certificates. The bet is that they were stolen through leaks, intrusions into the companies’ internal systems or with the collaboration of dishonest employees.

New APVI entry: platform certificates used to sign malware Found by yours truly :) https://t.co/qiFMJW111A — Łukasz (@maldr0id) November 30, 2022

According to information from Lukasz Siewierski, the following packages were identified in malicious applications using the certificates illegally:

com.russian.signato.renewis

com.sledsdffsjkh.Search

com.android.power

com.management.propaganda

com.sec.android.musicplayer

com.houla.quicken

com.attd.da

com.arlo.fappx

com.metasploit.stage

com.vantage.ectronic.cornmuni

The Android Partner Vulnerability Initiative (APVI) report reveals that the certificates can be used to disguise malware as official apps and allow it to gain access to victim data, collecting information, intercepting and making phone calls, as well as installing and uninstalling applications remotely. More worryingly, the hacker would gain the same level of control as the device’s owner, which could lead to targeted and damaging attacks.