The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Stolen D-Link certificates used in malware campaigns

2018-07-10 15:52 by
Tags: ,

 

ESET Security has recently discovered that a group of hackers was using legitimate security certificates stolen from D-Link and Changing Information Technology to help spread Plead malware.

The certificates were used to cryptographically verify that legitimate software was issued by D-Link and Changing Information Technology. Microsoft Windows, Apple’s macOS, and most other operating systems rely on the cryptographic signatures produced by such certificates to help users ensure that executable files attached to emails or downloaded on websites were developed by trusted companies rather than malicious actors masquerading as those trusted companies.

"Our analysis identified two different malware families that were misusing the stolen [D-Link] certificate – the Plead malware, a remotely-controlled backdoor, and a related password stealer component," stated ESET. "Recently, the JPCERT published a thorough analysis of the Plead backdoor, which, according to Trend Micro, is used by the cyber-espionage group BlackTech."

According to ESET, the malware collects saved passwords from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook, and Mozilla Firefox.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About