Stolen D-Link digital certificate malware



Nordnet Baritof
Nordnet Baritof
  • Technical Writer
  • Entrepreneur
  • Founder and CEO
  • Developer
  • Blogger and IT Analyst
2018-07-09 16:27:55

| Share
| Share
| Share
Stolen D-Link digital certificate malware

Digitally signed malware has become much more common in recent years to mask malicious intentions.

Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look like legitimate applications.

As you may know, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages.

However, malware author and hackers who are always in search of advanced techniques to bypass security solutions have seen been abusing trusted digital certificates in recent years.

Hackers use compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, reducing the possibility of their malware being detected on targeted enterprise networks and consumer devices.

Security researchers from ESET have recently identified two malware families, previously associated with cyberespionage group BlackTech, that have been signed using valid digital certificates belonging to D-Link networking equipment manufacturer and another Taiwanese security company called Changing Information Technology.

The first malware, dubbed Plead, is a remotely controlled backdoor designed to steal confidential documents and spy on users.

The second malware is also a related password stealer designed to collect saved passwords from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook, and Mozilla Firefox.

Researchers notified both D-link and Changing Information Technology about the issue, and the companies revoked the compromised digital certificates on July 3 and July 4, 2018, respectively.

Since most antivirus software fails to check the certificate's validity even when companies revoke the signatures of their certificates, the BlackTech hackers are still using the same certificates to sign their malicious tools.

"The ability to compromise several Taiwan-based technology companies and reuse their code-signing certificates in future attacks shows that this group is highly skilled and focused on that region," the researchers said.

It is not the first time when hackers have used valid certificates to sign their malware. The infamous Stuxnet worm that targeted Iranian nuclear processing facilities in 2003 also used valid digital certificates.

Also, the 2017 CCleaner hack, wherein hackers replaced the original CCleaner software with the tainted downloads, was made possible due to digitally-signed software update.

click the next for more ...
Alert ! Godaddy Web hosting server hack
Alert ! Godaddy Web hosting server hack
Alert ! Godaddy Web hosting server hack

.
SCANDAL FaceBook FINED Cambridge for 500 000  £
SCANDAL FaceBook FINED Cambridge for 500 000 £

Facebook has finally been weaking up with its first fine of £500,000 for Cambridge Analytica to improperly gather and misapply data of 87 m


SCANDAL FaceBook FINED Cambridge for 500 000  £
Marvel Comics Giant Stan Lee Has Died At 95

Stan Lee, the colorful Marvel Comics patriarch who helped usher in a new era of superhero storytelling -- and saw his creations become a giant influen


SCANDAL FaceBook FINED Cambridge for 500 000  £
How Does Android s New In-app Updates API Work

Notice that the Android§apostrofe§s new In-app Updates API doesn§apostrofe§t force or lock out users from the app if they chose no


SCANDAL FaceBook FINED Cambridge for 500 000  £
Capitan has slept in the grave of his owner every night

For the past 6 years, a dog named Capitan has slept in the grave of his owner every night. His owner, Miguel Guzman died in 2006 and Capitan dissapear


SCANDAL FaceBook FINED Cambridge for 500 000  £
Kendall Jenner Has Been A Granted Permanent Restraining Order Against Her Alleged Stalker

Kendall Jenner§apostrofe§s supposed stalker was requested to avoid the supermodel for a long time on Friday subsequent to being gotten on her proper


SCANDAL FaceBook FINED Cambridge for 500 000  £
So Your Dog Has Canine Cancer Here s What to do Next

One in four dogs will be diagnosed with canine cancer in their lifetime, and cancer is the second leading cause of death in older animals. That’



© 2013-2018 best of geeks. All rights reserved.