Security software vendor Malwarebytes has issued an alert over the emergence of a new certified Trojan'.
The malware is a Brazilian banking and password stealer that has been signed with a valid digital certificate issued by DigiCert.
Clearly, if digital certificates can be abused so easily, we have a big problem on our hands
"The purpose of a digital signature is to guarantee the authenticity of a file from a particular vendor and is provided by one of a few certificate authorities," said senior security researcher Jerome Segura in a blog post.
"[However], this certificate is issued to a company called Buster Paper Comercial Ltda', a Brazilian company that actually does not exist and was registered with bogus data," Segura added.
The malware is disguised as a PDF and when opened appears to show a genuine invoice. However, in the background, it downloads a banking Trojan.
As Segura points out, the theft or mis-signing of digital certificates is not new and this particular banking Trojan has used this method of infection before.
"What we have here is a total abuse of hosting services, digital certificates and repeated offenses from the same people.
"Clearly, if digital certificates can be abused so easily, we have a big problem on our hands," said Segura.
Malwarebytes said, even in the face of more sophisticated and underhand threats such as this, "the same old tips still hold very true".
The company advises users not to open an attachment, even from someone they know, without first doing a thorough check on it.
It added, even if a file is digitally signed, it does not guarantee it is safe to use.
"A lot of potentially unwanted applications can use a digital certificate and, of course, malware can too," said Segura.
"Always check the file extension... [and] never trust file icons. Just because it looks like a Word document or PDF file does not mean it is. With that in mind, stay safe," Segura concluded.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Fake AnyDesk Google ads deliver malwareNews Malware pushed through Google search results
-
Hackers use open source Microsoft dev platform to deliver trojansNews Microsoft's Build Engine is being used to deploy Remcos password-stealing malware
-
Android users told to be on high alert after Cerberus banking Trojan leaks to the dark webNews The source code for the authenticator-breaking malware is available for free on underground forums
-
Qbot malware surges into the top-ten most common business threats
News An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally
