Samsung and LG certificates used to sign malicious apps


    Android system app signing certificates were used by attackers to sign malicious apps.

    Android device OEMs use certificates or keys to sign master ROM images of Android devices and related applications. If a malicious app is signed with the same certificate as a legitimate app and given a highly privileged user ID, that app will also gain system-level access to the Android device.

    Such privileges grant access to sensitive permissions that are not normally granted to applications, such as:

    • managing current calls;
    • installing or removing packages;
    • collecting information about the device, etc.

    This misuse of platform keys was discovered by Łukasz Siewierski, a reverse engineer on the Google Android security team.

    Siewierski found several malware samples signed with 10 certificates and provided SHA-256 hashes for each of the samples and for the certificates used to sign them. It is currently unknown who misused these certificates and how the malware samples were distributed.

    A search of these hashes in VirusTotal showed that some of the certificates belong to Samsung Electronics, LG Electronics, Revoview and Mediatek. Malware signed with company certificates includes:

    • Trojan HiddenAds - displays ads on the lock screen that take up the entire screen of the device;
    • Infostealer - steals confidential information about the user and their credentials;
    • Metasploit - a pentest tool that can be used to develop and distribute exploits;
    • Dropper - applications that contain additional payloads to infect a device.

    To see all apps signed with these potentially compromised certificates, you can search for them on APKMirror (a list of apps signed with the Samsung certificate and one app signed with the LG certificate). Google has informed all affected vendors and advised them to change their platform certificates, investigate the leak, and minimize the number of apps signed with their certificates to prevent future incidents.
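
An added example, not part of the original article: a triage check that combines the two conditions described above, a signing certificate on a leaked-certificate list and a request for the system user ID. It assumes captured text from `apksigner verify --print-certs` and `aapt dump xmltree <apk> AndroidManifest.xml`; the digests, package names and factory allowlist are constructed placeholders, because the article does not reproduce the published hashes.

```python
import re

# Constructed placeholders: substitute the SHA-256 digests from the vendor advisory.
LEAKED_CERT_SHA256 = {"aa" * 32, "bb" * 32}
# Hypothetical allowlist of packages that ship in the OEM factory image.
# Legitimate OEM apps carry the same certificate, so a match alone proves nothing.
FACTORY_PACKAGES = {"com.example.oem.settings"}
SYSTEM_UID = "android.uid.system"

CERT_RE = re.compile(r"certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\b")
UID_RE = re.compile(r'android:sharedUserId(?:\([^)]*\))?="([^"]+)"')
PKG_RE = re.compile(r'\bpackage="([^"]+)"')


def triage(certs_out: str, manifest_dump: str) -> str:
    """Classify one APK from the text output of apksigner and aapt."""
    digests = {d.lower() for d in CERT_RE.findall(certs_out)}
    pkg = PKG_RE.search(manifest_dump)
    uid = UID_RE.search(manifest_dump)
    if not digests or not pkg:
        return "unparsed"  # fail closed: missing data is never reported as clean
    if not digests & LEAKED_CERT_SHA256:
        return "ok"
    if pkg.group(1) in FACTORY_PACKAGES:
        # First-pass filter only: confirm by comparing the APK's file hash
        # with the copy in the OEM image, since package names can be reused.
        return "expected-oem-app"
    if uid and uid.group(1) == SYSTEM_UID:
        return "critical-system-uid"  # leaked platform key plus system user ID
    return "suspicious-leaked-cert"  # can still obtain signature-level permissions


def sample(package: str, digest: str, shared_uid: str = ""):
    """Build constructed tool output for one APK (not captured from a real app)."""
    certs = ("Signer #1 certificate DN: CN=Example OEM\n"
             f"Signer #1 certificate SHA-256 digest: {digest}\n")
    manifest = "E: manifest (line=2)\n"
    if shared_uid:
        manifest += f'  A: android:sharedUserId(0x0101000b)="{shared_uid}"\n'
    manifest += f'  A: package="{package}" (Raw: "{package}")\n'
    return certs, manifest


if __name__ == "__main__":
    for args in [("com.example.flashlight", "aa" * 32, SYSTEM_UID),
                 ("com.example.oem.settings", "AA" * 32, SYSTEM_UID),
                 ("com.example.ads", "bb" * 32),
                 ("com.example.game", "cc" * 32)]:
        print(args[0], "->", triage(*sample(*args)))
```
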

    Author DeepWeb