
Digitally signed malware is increasingly prevalent, researchers say

Lucian Constantin | March 16, 2012
Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.

Another non-driver malware component signed with a stolen digital certificate was recently identified by security researchers from AlienVault as part of an attack against Tibetan activist organizations.

"The malware being used in this attack is a variant of Gh0st RAT (remote access Trojan), a type of software that enables anything from stealing documents to turning on a victim's computer microphone," said Jaime Blasco, a security researcher at AlienVault, in a blog post on Tuesday. "Gh0st RAT was a primary tool used in the Nitro attacks last year and the variant we uncovered in these attacks seems to come from the same actors."

Both Kaspersky Lab and BitDefender have confirmed seeing a steady increase in the number of malware threats with digitally signed components during the last 24 months. Many use digital certificates bought with fake identities, but the use of stolen certificates is also common, Craiu and Botezatu said.

 
