As you may be aware, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign applications and software. Your computer trusts software signed this way, so you can run it without any warning messages.
However, researchers have discovered a new malware campaign that misuses valid digital certificates stolen from Taiwanese tech companies to sign its malware, making it look like legitimate applications.
By signing their malicious code with code-signing certificates associated with trusted software vendors, hackers reduce the chance of their malware being detected by anti-virus software on targeted PCs.
Researchers from ESET have found two types of malware, previously associated with cyber-espionage, that have been signed using valid digital certificates belonging to D-Link, the Taiwanese networking equipment manufacturer.
The two malware families are known as Plead and Password Stealer.
Plead is a remotely controlled backdoor designed to steal confidential documents and spy on users.
Password Stealer is exactly that: it is designed to collect passwords from web browsers, including Google Chrome and Microsoft Internet Explorer.
The certificates have since been revoked by the Taiwanese companies that they were stolen from. However, it is difficult to say whether this will make much difference, since antivirus software may not detect that the certificates have been revoked, and the hackers may continue to use the compromised digital certificates for their malicious software.