Cybercriminals are now selling counterfeit digital certificates to hackers, who use them to make their malware pass as legitimate software. This practice adds to the problems of every cybersecurity firm out there, including ours.
These counterfeit files act as valid code signing certificates that make malware invisible to almost all antivirus engines. Only a few of the best antivirus solutions managed to detect malware using these certificates.
It is simple: once a payload is signed with the false certificate, the file becomes undetectable by any antivirus out there.
Our cybersecurity researchers detected an Eastern European cybercrime market that sells counterfeit code signing certificates to Russian customers.
These fake certificates are not stolen; they are created using real information to deliver a unique, working and effectively real certificate. The newly digitally signed malware efficiently bypasses most of the cybersecurity solutions out there.
Our CEO stated: “These code signing certificates have severe implications for cybersecurity companies because signed malware can bypass any cybersecurity solution. It also makes the job easier for the hackers who want to infect devices that only install legit signed software.”
The scheme is advantageous: for example, during a penetration test our cybersecurity team used a signed remote access trojan (RAT) payload that went undetected by antivirus solutions.
Counterfeit digital certificates have been used before in attacks like Stuxnet and Duqu 2.0; this successful hacking operation targeted the United States and Israel.
The most significant cybersecurity problem now is that only a few of the best antivirus products for Mac and for Windows can detect this new, affordable way of deceiving an antivirus.
This technique, once used in nation-state campaigns, is now available at affordable prices: the cheapest code signing certificate costs $299, while an Extended Validation (EV) certificate with a SmartScreen reputation rating sells for $1599.
A cybersecurity solution must be developed quickly, because anyone who has enough funds can spend an extra $500 on a certificate to make sure the final payload will be delivered and the device will be infected.
Remember to always use only the best antivirus solutions on the market on your devices, because only they can fully protect you.