The Day After the Year in Mobile Malware?

[K_Mikhail 807]

http://www.symantec.com/connect/blogs/day-...-mobile-malware

Sample: https://www.virustotal.com/file/79a3bc6da45...f4ef4/analysis/

[Viktor 669]

Вот ключевой момент:

the apps were signed with a certificate published as part of the Android Open Source Project (AOSP). The signing of an app with a publicly known certificate would allow an installation without having to go through the regular permissions notification screen on devices built with those keys

Люди явно не задумываются о последствиях, когда публикуют сертификаты в опенсорсных проектах