Malware Could Be Using Legitimate Signature Certificates



/ 2 years ago

digitalCertificate

When it comes to installing software on your computer, we often have to take it on faith that the software is safe to use. As an extra precaution, the latest step is to allow companies to use “certificates”, digital signatures that show that a trusted company created the software. A group known for creating malware may have found a way around this system though as some of their nasty programs are using legitimate signature certificates.

By using legitimate signature certificates your computer trusts the software and installs it without further hassle, the problem being that the software is less than safe and, in fact, is just malware (or malicious software). According to Symantec, the group known as Suckfly has used no less than nine different singing certificates from nine different companies since 2014.

Categorising the found malware into groups, Symantec found that 11 of the identified tools could be used for backdooring into your system. While others could be used to log and find out your information, some even checked your network traffic to find out what could be used to access your system through port scanning software.

Fig1_33

With so many certificates being stolen and used for signing malware, and it becoming a common practise amongst malware creators, could we see the need for another way of finding and checking software is legitimate if these techniques are so easily bypassed?

 

Topics: , , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!
eTeknix FacebookeTeknix TwittereTeknix Instagram

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!


Optimized with PageSpeed Ninja