When Malware Gets Itself a Certificate
According to the online news service heise online, cybercriminals have acquired valid certificates for signing their malware. Malwarebytes reports that the scheme went wrong when the Bad Guys used the certificate to sign a banking Trojan as well as another piece of malware and tried to distribute it. The certificate has since been revoked.
Heise online states: “The illegitimately signed trojan is distributing itself by e-mail with an executable attached, which is disguised as a PDF. When the file is run, malware is installed and is uploading further payloads, capable of stealing banking credentials and passwords.”
itWatch Enterprise Security protects against this threat:
ApplicationWatch monitors and controls all applications in the network, using either blacklists or whitelists. With only known applications being permitted for use, even “certified” malware doesn’t get a chance.
With XRayWatch, file access can be precisely controlled. The content of the file is checked, so that, for instance, a PDF can only be opened if it truly is a PDF (and doesn’t contain additional active code).
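As an added illustration of content-based checking (not itWatch code and not a description of how XRayWatch works), the following Python sketch blocks an attachment named like a PDF whose bytes are a Windows executable, and flags PDFs that carry active-content names. The function names, the allow-list policy and the sample byte strings are assumptions constructed for this example.

```python
import re
import struct

# PDF name objects that trigger or carry active content.
ACTIVE_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]

def is_pe(data):
    """True if data starts with an MZ stub whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def active_pdf_names(data):
    """Return the active-content names found in the raw PDF bytes."""
    # Undo #xx hex escapes first, so /J#61vaScript is seen as /JavaScript.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    # Limitation: names inside compressed object streams are not visible here.
    return [n.decode() for n in ACTIVE_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", decoded)]

def check_attachment(filename, data):
    """Allow-list policy (assumed): only PDFs without active content pass."""
    if is_pe(data):
        return ("block", "PE executable content")
    if not filename.lower().endswith(".pdf"):
        return ("block", "type not on allow list")
    if not data.startswith(b"%PDF-"):
        return ("block", "content is not a PDF")
    active = active_pdf_names(data)
    if active:
        return ("block", "active content: " + ", ".join(active))
    return ("allow", "plain PDF")

# Constructed sample inputs (not taken from any real sample).
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
CLEAN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
ACTIVE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction "
              b"<< /S /J#61vaScript /JS (placeholder) >> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", SAMPLE_PE), ("report.pdf", CLEAN_PDF),
                       ("form.pdf", ACTIVE_PDF)]:
        print(name, check_attachment(name, blob))
```

The decision is made on the file's bytes rather than its name or its signature status, so a validly signed executable renamed to `.pdf` is still blocked.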
However, even if an application seems to be legitimate, you still can’t be sure that it is harmless. ReCAppS makes it possible to automatically run an executable in a virtual environment behind a firewall or in the cloud. There, users can view and process sensitive data that is to be imported into the client.