MUST READ

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

UK ICO finds students behind majority of school data breaches

 | 

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62

 | 

Security Affairs newsletter Round 541 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ShinyHunters Attack National Credit Information Center of Vietnam

 | 

FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

 | 

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya

 | 

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

 | 

Samsung fixed actively exploited zero-day

 | 

UK train operator LNER (London North Eastern Railway) discloses a data breach

 | 

Certifi-Gate, a new Android flaw allows hackers to control your mobile

Pierluigi Paganini August 10, 2015

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them.

Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be exploited by hackers to control a mobile device by using a pre-installed plugin in Android devices.

You may know that almost all manufacturers pre-install “Remote Support Tool (mRST)” plugins in order to aid users to use tools such TeamViewer, RSupport, etc etc.

What this vulnerability does is using the mRTS plugin as entry point for “bad” applications that can control the mobile device, even if it is not rooted.

Android certifi-gate flaw

Researchers at Check Point explained that the “Certifi-Gate” vulnerability lies in the way manufacturers of Android devices use certificates to sign the mRST tools.

Another problem is that even if your phone is not rooted, this type of applications have root level access, so easily can gain access to:

  • screen scraping
  • keylogging
  • exfiltrating private information
  • installing malware apps, and more

As said before, this vulnerability affects millions of Android users, and the sad part about it is that users cannot uninstall the mRST plugin because it’s part of the core system.

“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.”

“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.” reports the Check Point’s paper

Ho to verify if the mobile device is vulnerable?

Check Point has released a mobile app that can be found here:

https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner

The app detects if your android phone is vulnerable or not to the Certifi-Gate vulnerability, and shows if the mobile was already hit by attackers.

Since Android manufacturers are known to take time in releasing patching to the users, this many take some time until is fixed.

Check out the videos:

 

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – Certifi-Gate, Android)

Android Certifi-Gate certificates digital certification Hacking mobile

you might also like

Pierluigi Paganini September 17, 2025
China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy
Read more
Pierluigi Paganini September 17, 2025
Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

APT / September 17, 2025

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

Cyber Crime / September 17, 2025

DoJ resentenced former BreachForums admin to three years in prison

Cyber Crime / September 17, 2025

Apple backports fix for actively exploited CVE-2025-43300

Security / September 17, 2025

New supply chain attack hits npm registry, compromising 40+ packages

Malware / September 16, 2025