Sequretek Advisory - Malware Pushed Via Multiple Compromised Android OEM Certificates

Android OEM platform certificates and keys are being heavily abused to digitally sign malicious applications so that they gain privileged access.

• Platform keys or certificates are primarily used to digitally sign core ROM images containing the Android OS and associated system applications, depending on the Android OEM brand.

• Google has reported that multiple platform certificates are being used to sign malware. Hackers and/or malicious insiders have leaked the platform certificates of several vendors.

• Google has made public that a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.

