Google warns stolen Android keys used to sign info-stealing malware

Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.

Googler Łukasz Siewierski found and reported the security issue and it’s a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system — essentially unfettered access to the victim’s device.

Read more…
Source: The Register