Hackers hide malware with code signing and SSL certificates

Full Article :

BetaNews - https://betanews.com/2018/02/22/malware-code-signing-ssl/

2017 saw a sudden increase in code signing certificates being used as a layered obfuscation technique to deliver malicious payloads. Recorded Future’s Insikt Group has been investigating the criminal underground and has identified a number of vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates. Particularly interesting is that researchers have found that certificates available on the digital underground are not stolen from legitimate owners, but are created for a specific buyer on request and are registered using stolen corporate identities, making traditional network security appliances less effective at detecting them. “It’s been generally…

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: