A report from Google’s Android security team revealed that several Android platform certificates belonging to device makers had been used to sign malicious apps. Because the platform certificate is the most trusted signing identity on a device, an app signed with it can run with the same system-level privileges as the operating system’s own core components.

The platform certificate is the signing certificate each device OEM uses for its core system apps; the private key behind it is meant to stay under the OEM’s exclusive control. Android grants signature-level permissions to any app signed with the same certificate, so malware signed with a leaked OEM platform key is treated as a trusted system component, with the same access to the operating system as the OEM’s own apps.

Abusing the Android Platform Certificates

For those unfamiliar: every device OEM holds a set of trusted signing certificates for the core apps it ships on its platform, much as a handwritten signature authenticates a document. An app signed with the platform certificate can request the system user ID (android.uid.system) and signature-protected permissions, which gives it access to the system’s internals that ordinary apps never get.

That trust is exactly what the threat actors abused here: a reverse engineer on Google’s Android Security team spotted several malware samples signed with the legitimate platform certificates of real OEMs, which means the platform treated them as those OEMs’ own system apps.
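The check a defender wants after reading this is whether a given APK is signed with one of the affected platform certificates. Below is an added example written for this article, not code from Google’s report or from any OEM tooling: it pulls the signer certificate out of an APK’s v1 (JAR) signature, which is a PKCS#7 SignedData blob stored under META-INF/, fingerprints it with SHA-256, and compares the result against a set of fingerprints you are tracking. Everything in it is constructed: the “platform certificate” is a placeholder DER SEQUENCE rather than a real X.509 certificate, the APK is an in-memory zip with placeholder entries, and KNOWN_PLATFORM_CERT_FINGERPRINTS holds only the placeholder’s hash; in practice you would fill it with the SHA-256 fingerprints of the abused OEM certificates.

```python
"""Fingerprint the signer certificate(s) of an APK's v1 (JAR) signature and
match them against platform-certificate fingerprints you are tracking.

Added example for this article; stdlib only. Every certificate and APK here is
constructed in memory and is NOT a real OEM artifact."""
import hashlib
import io
import zipfile


def der(tag, content):
    """Encode one DER TLV (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:                                      # long-form length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_tlv(data, pos):
    """Decode the TLV header at pos -> (tag, value_start, value_end)."""
    tag, first = data[pos], data[pos + 1]
    if first & 0x80:                           # long-form length
        n = first & 0x7F
        length = int.from_bytes(data[pos + 2:pos + 2 + n], "big")
        value_start = pos + 2 + n
    else:
        length, value_start = first, pos + 2
    return tag, value_start, value_start + length


def der_children(data, start, end):
    """Yield (tag, tlv_start, value_start, value_end) for each child TLV."""
    pos = start
    while pos < end:
        tag, vs, ve = der_tlv(data, pos)
        yield tag, pos, vs, ve
        pos = ve


def certs_from_pkcs7(blob):
    """Return the DER bytes of every certificate in a PKCS#7 SignedData blob.

    ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT SignedData }
    SignedData  ::= SEQUENCE { version, digestAlgorithms, encapContentInfo,
                               certificates [0] IMPLICIT SET OF Certificate, ... }
    """
    _, outer_start, outer_end = der_tlv(blob, 0)
    for tag, _, vs, _ in der_children(blob, outer_start, outer_end):
        if tag != 0xA0:                        # skip the contentType OID
            continue
        _, sd_start, sd_end = der_tlv(blob, vs)            # SignedData SEQUENCE
        for t, _, cvs, cve in der_children(blob, sd_start, sd_end):
            if t == 0xA0:                                    # certificates [0]
                return [blob[ts:e]
                        for ct, ts, _, e in der_children(blob, cvs, cve)
                        if ct == 0x30]                       # each Certificate SEQUENCE
    return []


def signer_fingerprints(apk_bytes):
    """SHA-256 fingerprints of all signer certificates found under META-INF/."""
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                for cert in certs_from_pkcs7(z.read(name)):
                    fps.add(hashlib.sha256(cert).hexdigest())
    return fps


def matches_known_platform_certs(fingerprints, known):
    """Fingerprints that collide with a tracked platform certificate."""
    return set(fingerprints) & set(known)


OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")   # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("06092a864886f70d010701")          # 1.2.840.113549.1.7.1

# CONSTRUCTED placeholder standing in for an OEM platform certificate: a DER
# SEQUENCE, not a real X.509 certificate. Only its bytes matter for fingerprinting.
FAKE_PLATFORM_CERT = der(0x30, der(0x02, b"\x01")
                         + der(0x13, b"CN=constructed OEM platform cert (placeholder)"))
FAKE_PLATFORM_FINGERPRINT = hashlib.sha256(FAKE_PLATFORM_CERT).hexdigest()
# In practice: the SHA-256 fingerprints of the abused OEM certificates you track.
KNOWN_PLATFORM_CERT_FINGERPRINTS = {FAKE_PLATFORM_FINGERPRINT}


def build_pkcs7(cert_der):
    """Minimal SignedData carrying one certificate (constructed; no real signature)."""
    signed_data = der(0x30, der(0x02, b"\x01")       # version
                      + der(0x31, b"")                # digestAlgorithms (empty)
                      + der(0x30, OID_DATA)           # encapContentInfo
                      + der(0xA0, cert_der)           # certificates [0] IMPLICIT
                      + der(0x31, b""))               # signerInfos (empty)
    return der(0x30, OID_SIGNED_DATA + der(0xA0, signed_data))


def build_sample_apk(cert_der):
    """In-memory zip shaped like a v1-signed APK (constructed placeholder entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<placeholder/>")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\r\n")
        z.writestr("META-INF/CERT.RSA", build_pkcs7(cert_der))
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk(FAKE_PLATFORM_CERT)
    found = signer_fingerprints(apk)
    print("signer fingerprints:", found)
    print("tracked platform certs matched:",
          matches_known_platform_certs(found, KNOWN_PLATFORM_CERT_FINGERPRINTS))
```

Two caveats for real triage. First, this reads only the v1 signature; APKs signed with v2 or v3 carry their certificates in the APK Signing Block before the zip central directory, so for an authoritative listing use apksigner verify --print-certs. Second, the script extracts the certificate without verifying the signature, which is enough to spot a sample that claims an OEM’s identity but not to prove the claim. The point of the exercise is the trust model itself: Android decides whether an app is “platform” by comparing the signing certificate, so once the key leaks the check passes for attacker-built apps too, and the only fixes are rotating the OEM key and treating the old certificate’s fingerprint as an indicator of compromise.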

New APVI entry: platform certificates used to sign malware. Found by yours truly 🙂 https://t.co/qiFMJW111A — Łukasz (@maldr0id) November 30, 2022