Computer Emergency Response Team of Mauritius (CERT-MU)

Malware authors using means to make their malware look similar to legitimate software


Malware authors use various means to make their malware look like legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently, security researchers discovered that the authors of the “Dridex” malware are using this technique. Dridex is a banking Trojan that typically arrives on a system via malicious spam email with a Microsoft Office file as an attachment. These files contain embedded macros that lead to the download and installation of the Dridex Trojan. Dridex then attempts to steal the victim's banking credentials and system information. According to security experts, signing malware executables with a legitimate certificate to evade security detection is not new but is still very effective. By signing their samples, the malware authors aim to exploit whitelisting approaches that are based on code-signing certificates.
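
The whitelisting gap described above can be audited on a Windows host. The following is an added example, not part of the original advisory: it compares a "validly signed means allowed" rule with a rule pinned to approved signer certificates. The function name `Get-SignerTrustDecision`, the scan path and the thumbprint placeholders are assumptions made for illustration.

```powershell
# Added example: compare a "signed = trusted" rule with a pinned-signer rule.
# Get-SignerTrustDecision is a hypothetical helper name, not an existing cmdlet.
function Get-SignerTrustDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Thumbprints of the signer certificates your organisation has approved.
        [Parameter(Mandatory)][string[]]$ApprovedThumbprints
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            # Weak rule: any signature that validates is accepted.
            $signedOnly = $sig.Status -eq 'Valid'

            # Stricter rule: the signature must validate AND the signer must be pinned.
            $pinned = $signedOnly -and $cert -and
                      ($ApprovedThumbprints -contains $cert.Thumbprint)

            [pscustomobject]@{
                File                    = $_.FullName
                Status                  = $sig.Status
                Subject                 = if ($cert) { $cert.Subject } else { $null }
                Thumbprint              = if ($cert) { $cert.Thumbprint } else { $null }
                AllowedBySignedOnlyRule = [bool]$signedOnly
                AllowedByPinnedRule     = [bool]$pinned
            }
        }
}

# Placeholder values (constructed): replace with real approved signer thumbprints.
$approved = @('<APPROVED-SIGNER-THUMBPRINT-1>', '<APPROVED-SIGNER-THUMBPRINT-2>')

# Files a signed-only whitelist would allow but a pinned list would not:
# these are validly signed binaries from signers nobody has approved.
Get-SignerTrustDecision -Path "$env:USERPROFILE\Downloads" -ApprovedThumbprints $approved |
    Where-Object { $_.AllowedBySignedOnlyRule -and -not $_.AllowedByPinnedRule } |
    Sort-Object Subject |
    Format-Table File, Subject, Thumbprint -AutoSize
```

Every row in the output is a file that passes a signature-only check purely because it carries a valid certificate, which is the condition a signed malware sample relies on.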
 
Source: Zscaler, Team Cymru, Tripwire
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis