1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Cybercriminals have found a way to get their malware certified by

    From TechnologyDaily@1337:1/100 to All on Wed Oct 20 16:30:04 2021
    Cybercriminals have found a way to get their malware certified by Microsoft

    Date:
    Wed, 20 Oct 2021 15:09:15 +0000

    Description:
    Instead of using stolen digital certificates, researchers find a new rootkit thats digitally signed by Microsoft themselves.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered yet another rootkit that has
    abused Microsoft's Windows Hardware Quality Labs (WHQL) signing process.

    Researchers at security vendor Bitdefender have uncovered the FiveSys
    rootkit, which is the second rootkit theyve run into that has managed to make its way through Microsofts driver certification process.

    Most of the rootkit cases we documented in the past rely on stolen digital certificates from legitimate companies, so up until recently malware writers used stolen digital certificates to sign their drivers, observed Bitdefender
    , noting the change in tactics. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << Here's our choice of the best malware removal software on the market These are the best ransomware protection tools Protect your devices with these best antivirus software

    According to their analysis, FiveSys seems to be designed to target online games in order to steal their credentials and hijack in-game purchases. Abusing the process

    Bitdefender believes that FiveSys, and the Netfilter rootkit, which was the first one to abuse Microsofts digital signing process, arent isolated incidents, and perhaps point towards a new trend of malware using WHQL signatures.

    The basis for their argument are the lucrative new driver signing
    requirements from Microsoft, which demand drivers to be digitally signed by the company in order for them to be accepted by Windows .

    This new requirement ensures that all drivers are validated and signed by the operating system vendor rather than the original developer and, as such, digital signatures offer no indication as to the identity of the real developer, says Bitdefender suggesting that submitting to the process helps the threat actors hide their identity.

    While their motivations seem to be clear, how exactly they managed to work around the certification process to obtain legitimate certificates, continues to remain a mystery.

    Soon after discovering the malware though, Bitdefender reached out to Microsoft to flag this abuse of digital trust, leading to the software giant revoking the signature. These are the best endpoint protection tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/cybercriminals-have-found-a-way-to-get-their-ma lware-certified-by-microsoft/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)