Hackers are selling legitimate code-signing certificates to evade malware detection

New research by Recorded Future’s Insikt Group found that hackers and malicious actors are obtaining legitimate code-signing certificates from issuing authorities in order to sign malicious code. That’s contrary to the view that in most cases certificates are stolen from companies and developers and repurposed by hackers to make malware look more legitimate.

Code-signing certificates are designed to give your desktop or mobile app a level of assurance by making apps look authentic. But code signing does not only affect users who inadvertently install malware; code-signed apps are also harder for network security appliances to detect. The research said that hardware using deep packet inspection to scan network traffic will “become less effective when legitimate certificate traffic is initiated by a malicious implant.”

That’s been picked up by some hackers, who are selling code-signing certificates for as little as $299. Extended validation certificates, which are meant to go through a rigorous vetting process, can be sold for $1,599.

Read more about the certificates, which were obtained from reputable certificate issuing authorities such as Comodo, Symantec and Thawte — the latter two now owned by DigiCert — on ZDNet.
