Malware devs trick Windows validation with malformed certs


Level 37
Thread author
Top poster
Feb 4, 2016
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.
This tactic is actively used to push OpenSUpdater, a family of unwanted software also known as riskware, which injects ads into victims' browsers and installs other unwanted programs onto their devices.

Campaigns coordinated by the financially motivated threat actors behind OpenSUpdater will attempt to infect as many devices as possible.
Most targets are from the US and likely interested in downloading game cracks and other potentially booby-trapped tools.