Tuesday, July 10, 2018

New malware uses stolen digital certificates (to evade AV and whitelisting tools) to collect saved passwords from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook, and Mozilla Firefox.



The first malware, dubbed Plead, is a remotely controlled backdoor designed to steal confidential documents and spy on users.

The second malware is a related password stealer designed to collect saved passwords from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook, and Mozilla Firefox.

Security researchers from ESET have recently identified two malware families, previously associated with the cyberespionage group BlackTech, that have been signed using valid digital certificates belonging to networking equipment manufacturer D-Link and another Taiwanese security company called Changing Information Technology.

Because most antivirus software fails to check the certificate's validity even when companies revoke their certificates, the BlackTech hackers are still using the same certificates to sign their malicious tools.

https://thehackernews.com/2018/07/digital-certificate-malware.html
