Fake SSL certificates pose as legitimate Google, Facebook, GoDaddy, YouTube and iTunes certificates. British security firm Netcraft says the certificates could be used in man-in-the-middle attacks. The fake certificates are not signed, so they’re unlikely to dupe anyone using a browser. The company says mobile apps and banking apps may be at risk from the fake certificates. The certificates could allow attackers to eavesdrop on the user s mobile device and steal sensitive data before sending it to someone else.
Source: https://threatpost.com/certificates-spoofing-google-facebook-godaddy-could-trick-mobile-users/104259/