Virus Profile: Exploit/Certifigate.B

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 8/27/2015
Date Added: 8/27/2015
Origin: Unknown
Length: N/A
Type: Vulnerability
Subtype: Exploit
DAT Required: N/A

Description

Exploit/Certifigate.B is an app that potentially exploits a vulnerability in a certain kind of Remote Support Tool.

Indication of Infection

Any malicious app that succeeds in exploiting this vulnerability can impersonate an authenticated legitimate app and communicate with the Plugin, which usually has higher privileges than normal apps, including injecting UI events and capturing the device screen from a remote server without the user's knowledge.

Methods of Infection

This potentially malicious app requires that the user intentionally install it on the device. As always, users should never install applications from unknown or untrusted Android markets.
   

Virus Characteristics

Exploit/Certifigate.B is an app with a characteristic that can potentially exploit the vulnerability known as 'Certifi-Gate' in a certain kind of Remote Support Tool designed for Android mobile devices. Such Remote Support Tools consist of a Remote Support Plugin, usually pre-installed on the device, and a Remote Support App, installed later and allowed to communicate with the corresponding Plugin so that remote support staff can maintain and troubleshoot the device on behalf of users. If the Plugin module has a vulnerability that makes it fail to appropriately authenticate the connecting counterpart App, any malicious app that succeeds in impersonating an authenticated legitimate app can communicate with the Plugin, which usually has higher privileges than normal apps, including injecting UI events and capturing the device screen without the user's knowledge.

Apps classified as Exploit/Certifigate.B carry, in their APK (Android package) file, a digitally signed certificate file whose serial number is the same as that of authenticated legitimate Remote Support Apps, obtained by explicitly specifying the value when creating the certificate. This causes the counterpart Remote Support Plugin on the device to fail to appropriately authenticate the legitimate app it should communicate with.
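The check described above, as an added example (not McAfee's detection logic and not code from any Remote Support Tool): a serial-only comparison accepts any certificate that reuses the trusted serial number, while pinning the SHA-256 fingerprint of the whole certificate does not, and the gap between the two is what flags an app. It assumes the signing certificate of each installed package has already been extracted; all package names, serial numbers and certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class SignerCert:
    package: str   # APK package name
    serial: int    # serialNumber field of the APK signing certificate
    der: bytes     # full encoded signing certificate

def fingerprint(cert: SignerCert) -> str:
    """SHA-256 over the whole certificate, so it covers the public key too."""
    return hashlib.sha256(cert.der).hexdigest()

def weak_plugin_check(cert: SignerCert, trusted: SignerCert) -> bool:
    """The flawed authentication the profile describes: serial number only."""
    return cert.serial == trusted.serial

def pinned_plugin_check(cert: SignerCert, trusted: SignerCert) -> bool:
    """Hardened form: accept only the exact pinned certificate."""
    return hmac.compare_digest(fingerprint(cert), fingerprint(trusted))

def classify(cert: SignerCert, trusted: SignerCert) -> str:
    if pinned_plugin_check(cert, trusted):
        return "trusted"
    if weak_plugin_check(cert, trusted):
        # Same serial, different certificate: the Exploit/Certifigate.B trait.
        return "serial-collision"
    return "unrelated"

def scan(inventory, trusted):
    """Map each package name to its classification against the pinned cert."""
    return {c.package: classify(c, trusted) for c in inventory}

# Constructed sample data: package names, serials and certificate bytes are
# placeholders, not values from any real Remote Support Tool or real DER.
TRUSTED = SignerCert("com.example.support", 0x4F2A19C3, b"constructed cert A")
INVENTORY = [
    TRUSTED,
    SignerCert("com.example.flashlight", 0x4F2A19C3, b"constructed cert B"),
    SignerCert("com.example.notes", 0x1B7E0042, b"constructed cert C"),
]

if __name__ == "__main__":
    for package, verdict in scan(INVENTORY, TRUSTED).items():
        print(f"{package}: {verdict}")
```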
