“Certifi-Gate” Android security vulnerability
- screen scraping
- exfiltrating private information
- installing malware apps, and more
“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.” Researchers explained in the published paper.
“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.”
Am I vulnerable to Certifi-Gate vulnerability?
Checkpoint released an app that detects if your Android device is vulnerable to the Certifi-Gate exploits and also reveals if any attacks have already been launched on the user’s phone.