Samsung, LG, Mediatek certificates compromised to sign Android malware

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is the fact that, are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user id, these apps will also gain system-level access to the Android device. Which mean that they can check and do much more than standard apps.


List of hashes:

Apple made significant changes to macOS malware protection during 2022

Apple updated anti-malware protection tools to macOS. Now macOS scans for malware proactively.

Until XProtect Remediator arrived in macOS 12.3 last March, system tools for tackling malware were essentially limited to XProtect and MRT. XProtect was mainly used to check apps and other code which had a quarantine flag set, against a list of signatures of known malware, and can only detect. While Apple has broadened its scope to check more frequently, and continues to update those signatures every couple of weeks, they have their limits. MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but infrequently.

The Electric Light Company


Malicious app on Google Play drops banking malware

A malicious app on the Google Play Store automatically installed malware called Vultur which targets financial services to steal users’ banking information. Infected "2FA Authenticator" was removed from the store after 15 days during which more than 10000 users have downloaded it. Quote strange is that the app required much more permissions than its main functionality would suggest and was published via Play Store without.