Stolen D-Link certificates used in malware campaigns
2018-07-10 15:52 by Daniela
Tags: D-Link, malware
ESET Security has recently discovered that a group of hackers was using legitimate security certificates stolen from D-Link and Changing Information Technology to help spread Plead malware.
The certificates were used to cryptographically verify that legitimate software was issued by D-Link and Changing Information Technology. Microsoft Windows, Apple’s macOS, and most other operating systems rely on the cryptographic signatures produced by such certificates to help users ensure that executable files attached to emails or downloaded from websites were developed by trusted companies rather than by malicious actors masquerading as those companies.
"Our analysis identified two different malware families that were misusing the stolen [D-Link] certificate – the Plead malware, a remotely-controlled backdoor, and a related password stealer component," stated ESET. "Recently, the JPCERT published a thorough analysis of the Plead backdoor, which, according to Trend Micro, is used by the cyber-espionage group BlackTech."
According to ESET, the malware collects saved passwords from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook, and Mozilla Firefox.