- Trusted Signing, Microsoft's certificate signing service, is being abused by criminals, researchers say
- Criminals are signing malware with short-lived, three-day certificates
- Microsoft says it actively monitors for certificate abuse
Cybersecurity experts have warned that Trusted Signing, Microsoft's code signing platform, is being abused to obtain certificates for malware and help it bypass endpoint protection and antivirus software.
Certificates are digital credentials that attest to the authenticity, integrity and security of software. They use cryptographic keys to establish secure communications and prevent tampering or impersonation, and are considered crucial for encrypting sensitive data, securing transactions and maintaining user trust. In software development, code signing certificates validate that an application has not been altered since it was released.
Microsoft describes Trusted Signing as a fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers create and distribute applications more easily.
Lumma Stealer and others
However, BleepingComputer reports that several researchers have observed threat actors using Trusted Signing to sign their malware with “short-lived, three-day code signing certificates”.
Software signed in this way remains valid until the certificate is revoked, which means the malware can continue to evade security solutions for much longer than three days.
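The two points above (code signing certificates attest that a binary is unchanged, and a signature made with a short-lived certificate stays valid until that certificate is revoked) are easiest to see with a verifier in hand. The following is an added example, not Microsoft's Trusted Signing code or anything from the BleepingComputer report: it builds a constructed toy CA, issues a three-day code signing certificate, signs a stand-in payload, and then runs a defender-side verification policy under three conditions. The CA and publisher names, the timeline and the revocation list are all constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed timeline (illustration only): the leaf is issued at t0 for three
// days, the payload is signed one hour later, and a verifier looks at it much later.
var t0 = time.Date(2025, 1, 10, 12, 0, 0, 0, time.UTC)

// SignedArtifact is a toy stand-in for a signed binary: payload, ECDSA signature,
// a trusted countersignature time, and the signer's leaf certificate.
type SignedArtifact struct {
	Payload   []byte
	Signature []byte
	SignedAt  time.Time
	Leaf      *x509.Certificate
}

// issue builds a certificate from tmpl signed by parent (self-signed when parent == nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Verify applies the policy a defender wants before trusting a signed binary: the
// leaf chains to the trusted CA and was valid at time `at` (the countersignature
// time when one exists), it carries the code-signing EKU, the signature matches the
// payload, and the serial is not on the CA's revocation list.
func Verify(a SignedArtifact, ca *x509.Certificate, revoked map[string]bool, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := a.Leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	pub, ok := a.Leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected signer key type")
	}
	digest := sha256.Sum256(a.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], a.Signature) {
		return errors.New("signature does not match payload")
	}
	if revoked[a.Leaf.SerialNumber.String()] {
		return errors.New("signer certificate has been revoked")
	}
	return nil
}

// Scenario reports whether the sample is accepted (1) with a timestamp and no
// revocation data, (2) after the CA revokes the serial, and (3) without a timestamp
// when checked 30 days later.
func Scenario() (withLifetimeOnly, afterRevocation, noTimestamp bool, err error) {
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Code Signing CA (constructed)"},
		NotBefore: t0.Add(-time.Hour), NotAfter: t0.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return
	}
	leaf, leafKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example Publisher (constructed)"},
		NotBefore: t0, NotAfter: t0.Add(72 * time.Hour), // three-day lifetime, as in the article
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, ca, caKey)
	if err != nil {
		return
	}
	payload := []byte("constructed stand-in for a signed executable")
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, leafKey, digest[:])
	if err != nil {
		return
	}
	art := SignedArtifact{Payload: payload, Signature: sig, SignedAt: t0.Add(time.Hour), Leaf: leaf}
	// 1. A timestamped signature verifies at the signing time, so the expired
	//    three-day certificate still yields a valid signature with no revocation data.
	withLifetimeOnly = Verify(art, ca, nil, art.SignedAt) == nil
	// 2. Once the serial is revoked, the same sample is rejected.
	afterRevocation = Verify(art, ca, map[string]bool{leaf.SerialNumber.String(): true}, art.SignedAt) == nil
	// 3. Without a timestamp the verifier can only use the current time, and the
	//    lifetime check alone rejects the sample on day 30.
	noTimestamp = Verify(art, ca, nil, t0.Add(30*24*time.Hour)) == nil
	return
}

func main() {
	a, b, c, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("timestamped, lifetime only: accepted=%v\nafter revocation: accepted=%v\nno timestamp, day 30: accepted=%v\n", a, b, c)
}
```

The takeaway is the one the article makes: a three-day lifetime on its own does not invalidate signatures produced inside that window, so revocation (and checking for it) is the control that actually stops an abused certificate.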
The malware samples they analyzed were signed by “Microsoft ID verified CS EOC CA 01”, it was said.
Campaigns abusing the Microsoft service include Crazy Evil Traffers' crypto campaign and Lumma Stealer.
One way Microsoft appears to be tackling the problem is by issuing certificates in a company's name only if that company has been operating for at least three years.
However, individuals can sign up and get approved faster if the certificate is issued in their own name.
Microsoft says it constantly monitors the landscape and revokes certificates that have been misused.
“When we detect threats, we take immediate, broad action such as revoking certificates and suspending accounts. The malware samples you shared are detected by our anti-malware products, and we have already taken steps to revoke the certificates and prevent further account abuse,” the company noted.