silversurfer
Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech companies, including D-Link, to sign their malware and make it look like legitimate applications.
As you may know, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages.
However, malware authors and hackers, who are always in search of advanced techniques to bypass security solutions, have been abusing trusted digital certificates in recent years.
Hackers use compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, reducing the possibility of their malware being detected on targeted enterprise networks and consumer devices.
Security researchers from ESET have recently identified two malware families, previously associated with the cyberespionage group BlackTech, that have been signed using valid digital certificates belonging to the networking equipment manufacturer D-Link and another Taiwanese security company called Changing Information Technology.