Same thought here. The domain appears to be associated with Ningbo Sunning Softw... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		axsharma on Dec 2, 2022 \| parent \| context \| favorite \| on: Platform certificates used to sign malware Same thought here. The domain appears to be associated with Ningbo Sunning Software, a Chinese vendor and likely a Mediatek partner than anything Android.

arsome on Dec 2, 2022 [–]

Good catch after looking into it more this may be related to subcontractors providing vendors with malicious update tools that they then sign.

https://maldroid.github.io/docs/vb_2022.pdf

MishaalRahman on Dec 2, 2022 | [–]

Good catch!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact