To bypass code-signing checks, malware gang steals lots of certificates

  • 16 March 2016

Legitimate code-signing certs provide secret cover for attack groups.

by Dan Goodin (US) - Mar 16, 2016
 
                                     http://cdn.arstechnica.net/wp-content/uploads/sites/3/2016/03/mac-code-signing.png
 
There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
 
Since 2014, the group has used no fewer than nine separate signing certificates from nine separate companies to digitally sign its hacking wares, according to a blog post published Tuesday by security firm Symantec. Company researchers first came upon the group last year when they identified a brute-force server message-block scanner that was signed with a certificate belonging to a South Korean mobile software developer. When the researchers searched for other executable files that used the same credential, they eventually uncovered three more custom tools from the same group of black-hat hackers.
 
Full Article
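The pivot Symantec describes in the excerpt above, searching for other executables signed with the same certificate, can be run in the other direction by a defender: given a blocklist of certificate identities reported stolen, flag any binary whose Authenticode signature carries one of them. The following is an added example, not code from the article, from Symantec, or from the poster. It reads the PE security directory to find the PKCS#7 blob, walks the DER with a small stdlib-only parser to pull each embedded certificate's issuer CN and serial number, and matches those pairs against the blocklist. It identifies the signer; it does not verify the signature. The issuer names, serial numbers and the synthetic PE images are constructed for the example, and the article does not give the real identities of the nine stolen certificates, so a real blocklist would have to be filled from the vendor advisories or CRL entries.

```python
"""Flag PE files signed with a known-stolen code-signing certificate (added example).

Identifies the signer from the embedded Authenticode PKCS#7; performs no
signature verification. All names, serials and PE images are constructed.
"""
import struct

OID_CN = b"\x55\x04\x03"                                  # 2.5.4.3 commonName
OID_SHA256RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"
OID_PKCS7_DATA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"
OID_PKCS7_SIGNED = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"

# --- minimal DER reader -----------------------------------------------------
def der_tlv(buf, pos):
    """Parse one TLV at pos -> (tag, body_start, body_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_children(buf, start, end):
    """(tag, body_start, body_end) of every TLV inside [start, end)."""
    out, pos = [], start
    while pos < end:
        tag, bs, be = der_tlv(buf, pos)
        out.append((tag, bs, be))
        pos = be
    return out

def name_cn(buf, start, end):
    """commonName from an X.501 Name: SEQUENCE OF SET OF AttributeTypeAndValue."""
    for _, sbs, sbe in der_children(buf, start, end):
        for _, abs_, abe in der_children(buf, sbs, sbe):
            attr = der_children(buf, abs_, abe)
            if len(attr) == 2 and attr[0][0] == 0x06 and buf[attr[0][1]:attr[0][2]] == OID_CN:
                return buf[attr[1][1]:attr[1][2]].decode("utf-8", "replace")
    return None

def find_certificates(buf, start=0, end=None):
    """Recursive walk; returns [(issuer_cn, serial)] for each TBSCertificate found.
    Shape heuristic for v3 certs: SEQUENCE { [0] version, INTEGER serial,
    SEQUENCE sigAlg, SEQUENCE issuer, ... }."""
    end = len(buf) if end is None else end
    found = []
    for tag, bs, be in der_children(buf, start, end):
        if tag == 0x30:
            k = der_children(buf, bs, be)
            if len(k) >= 4 and [x[0] for x in k[:4]] == [0xA0, 0x02, 0x30, 0x30]:
                serial = int.from_bytes(buf[k[1][1]:k[1][2]], "big", signed=True)
                found.append((name_cn(buf, k[3][1], k[3][2]), serial))
                continue
        if tag & 0x20:                    # constructed type: descend into it
            found.extend(find_certificates(buf, bs, be))
    return found

# --- PE: locate the Authenticode blob ---------------------------------------
def authenticode_blob(pe):
    """PKCS#7 bytes from IMAGE_DIRECTORY_ENTRY_SECURITY, or None if unsigned."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 24                                   # after 4-byte sig + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)   # entry 4; a file offset, not an RVA
    if size == 0:
        return None
    length, _rev, ctype = struct.unpack_from("<IHH", pe, off)  # WIN_CERTIFICATE header
    if ctype != 0x0002:                                   # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        raise ValueError("unexpected certificate type %#x" % ctype)
    return pe[off + 8:off + length]

def match_stolen(pe, blocklist):
    """(issuer_cn, serial) pairs in pe's signature that appear on the blocklist."""
    blob = authenticode_blob(pe)
    return [] if blob is None else [c for c in find_certificates(blob) if c in blocklist]

# --- constructed samples: no real keys, signature bits are dummies ----------
def der(tag, body):
    n = len(body)
    lb = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + lb + body

def fake_cert(issuer_cn, subject_cn, serial):
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(0x06, OID_CN) + der(0x0C, cn.encode()))))
    alg = der(0x30, der(0x06, OID_SHA256RSA) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02"))                                   # v3
                    + der(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
                    + alg + name(issuer_cn)
                    + der(0x30, der(0x17, b"160101000000Z") + der(0x17, b"260101000000Z"))
                    + name(subject_cn) + der(0x30, b""))                              # SPKI omitted
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))

def fake_signed_data(certs):
    signed = der(0x30, der(0x02, b"\x01") + der(0x31, b"") + der(0x30, der(0x06, OID_PKCS7_DATA))
                     + der(0xA0, b"".join(certs)) + der(0x31, b""))
    return der(0x30, der(0x06, OID_PKCS7_SIGNED) + der(0xA0, signed))

def build_sample_pe(pkcs7=b""):
    """Minimal PE32 header (not executable) with pkcs7 in the security directory."""
    e_lfanew, opt_size = 0x40, 96 + 16 * 8
    sec_off = e_lfanew + 24 + opt_size
    hdr = bytearray(sec_off)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", hdr, e_lfanew + 24, 0x10B)             # PE32 magic
    struct.pack_into("<I", hdr, e_lfanew + 24 + 92, 16)            # NumberOfRvaAndSizes
    if not pkcs7:
        return bytes(hdr)
    win_cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
    struct.pack_into("<II", hdr, e_lfanew + 24 + 96 + 4 * 8, sec_off, len(win_cert))
    return bytes(hdr) + win_cert

# Hypothetical blocklist: issuer CN + serial of certificates reported stolen.
STOLEN_CERTS = {("Example Issuing CA", 0x1A2B3C)}
STOLEN_PE = build_sample_pe(fake_signed_data([fake_cert("Example Issuing CA", "Sample Mobile Software Co", 0x1A2B3C)]))
CLEAN_PE = build_sample_pe(fake_signed_data([fake_cert("Example Issuing CA", "Legit Vendor Ltd", 0x7F00D)]))
UNSIGNED_PE = build_sample_pe()

if __name__ == "__main__":
    for label, pe in (("stolen", STOLEN_PE), ("clean", CLEAN_PE), ("unsigned", UNSIGNED_PE)):
        print(label, find_certificates(authenticode_blob(pe) or b""), "->", match_stolen(pe, STOLEN_CERTS))
```

Matching on issuer plus serial rather than on the subject name is deliberate: a stolen certificate is identified by what its CRL entry names, and an attacker who obtains a fresh certificate for the same company name would not share the serial. Run across a sample store, the same loop lets you do the pivot the article describes, grouping every binary by the (issuer, serial) of its signer.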

1 reply

Hmmmm, not good. I have always wondered about how secure certificates are, and they are not worth the electronic paper they are written on if there is no trust in them... and this does nothing to help matters. :(
