Stealthy BLISTER malware slips in unnoticed on Windows systems

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables.
One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate.

The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.

Signed, sealed, delivered​

Whoever is behind Blister malware has been running campaigns for at least three months, since at least September 15, security researchers from Elastic search company found.

The threat actor used a code-signing certificate that is valid from August 23, though. It was issued by digital identity provider Sectigo for a company called Blist LLC with an email address from a Russian provider Mail.Ru.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top