Researchers with Check Point observed a popular app on the Google Play store successfully exploiting ‘Certifi-gate’, a critical Android vulnerability that the security firm disclosed at Black Hat USA 2015 in Las Vegas. Security researchers showed how a malicious app requiring no special permissions can enable an attacker to completely take over nearly any device running the popular mobile operating system. They also showed the vulnerability using a proof of concept flashlight app, but the offending application observed in the Google Play store is Recordable Activator, a screen recording app from U.K.-based Invisibility Ltd with between 100,000 and 500,000 downloads. Unlike the flashlight app that exploited the “Certifi-gate” vulnerability to completely take over devices, the researcher stated that Recordable Activator could only be used to record the screen.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street