Samsung, LG, Mediatek certificates compromised to sign Android malware

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is the fact that, are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user id, these apps will also gain system-level access to the Android device. Which mean that they can check and do much more than standard apps.

more:

https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/

List of hashes: https://bugs.chromium.org/p/apvi/issues/detail?id=100