Malware uses legitimate certificates to spy on PCs
By Cloud Direct • 14 Jun 2016
Digital certificates are often used to determine how trustworthy a site is.
However, new findings published by Zscaler's ThreatLabZ revealed that a new malware family is using compromised digital certificates to avoid detection.
The malware monitors activity on an infected PC and sends that information back to cyber criminals.
Known as Spymel, it is spread through an email phishing campaign. It is often difficult to spot because it uses legitimate certificates that were issued by DigiCert.
Zscaler head of security research Deepen Desai said in an interview published by scmagazine.com: “There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection. A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.”
The malware can also log keystrokes, and it prevents the user from terminating it through system tools such as TaskMgr, Procexp, ProcessHacker and Taskkill.