Hackers steal and use digital certificates from D-Link




ESET, a computer security company, discovered an attack involving digital certificates belonging to D-Link and to the security company Changing Information Technologies, Inc.

ESET immediately informed the two companies of the discovery, and they have already revoked the digital certificates in question. This is not the first time that one of these companies has had security problems: 3 years ago, Yonathan Klijnsma, a researcher from the Dutch security company Fox IT, said that D-Link, the security camera firm, had mistakenly issued a private encryption key that is used to certify the legitimacy of its software.

The hacker group, which according to ESET is highly qualified, stole and used the certificates of both companies in Taiwan. ESET's systems detected this when they found several suspicious files that had been digitally signed with the certificates stolen from D-Link. The discovery occurred because one of the certificates had already been used to validate D-Link software, so it was possible that the certificate had been stolen.


Next, ESET researchers conducted a thorough analysis that allowed them to identify two different families of malware that were using the certificate: one was the Plead malware, a remotely controlled backdoor, and the other a keylogger used to steal passwords stored in applications, among them Firefox, Outlook, Chrome and IE.

That is not all: along with the D-Link certificate, the researchers also discovered a certificate that was used by Changing Information Technologies. Although the company revoked it in 2017, the group of cybercriminals has continued to use it to sign the software it uses for its criminal activities.

On this topic, Josep Albors, head of research and outreach at ESET Spain, noted the following:

The misuse of digital certificates is one of the ways cybercriminals choose to hide their malicious intent, since stolen certificates can hide malicious software and make it appear to be a legitimate application, increasing the chances that malicious code escapes security measures without arousing suspicion.
