Warning: Digitally Signed Malware is On the Rise

What Is Digitally Signed Malware?

As the software application is digitally code-signed then it denotes that this software carries an official crypto-graphic signatures and a certificate is issued by the Certificate Authority who claims that the software program is truly legitimated as well as secured for being used. These malware uses fake signatures which not only allows the remote hackers to perform some unauthorized actions on the affected user’s devices but also helps in building the trust between the software developers and the victim.

Attackers Steal Digitally Signed Certificates From Certificate Authority

However if the malware authors can easily sign its malicious codes by using some official crypto-graphic signature and certificates that are associated with the trusted software vendors in order to reduce the possibilities of the malware which can get detected on the infected enterprises networks of contaminated devices. And these signing allows the malware to get encroached into the network filters and security controls which can be further used for phishing campaigns.

Originating Point Of Digitally Signed Malware

The variant of Gh0st RAT (Remote Access Trojans) is used in the attack for stealing the confidential certificated documents from the victimized computer system. The malware researchers team from Kaspersky Lab has identified some components that are specially designed to steal these certificates from a Swiss company named Conpavi AG which is known to work with the swiss government agencies like cantons and municipalities. The malware threats can be spotted as Trojans- Dopper. Win32/Win64. Mediyes which is a part of fraud click scheme.

How Digitally Signed Malware are Failed To Get Detected?

The top anti-viruses products from Microsoft, Kaspersky Labs, TrendMicro, Commodo and Symantec such as Tencent, Paloalto and nProtect are failed to detect these malicious digitally signed malware into the compromised devices as they are having the invalid and expired certificates linked to their suspicious code. Some other infected anti-virus packages are Fortinet, Sophos, Avira, SentinelOne, CrowdStrike, TrendMicro, Qihoo and Malwarebytes etc.

The malware experts can get benefited by stealing and signing sup into their malicious cyber threats with enormous digital certificates. As we know that single digital certificate can efficiently helps the attackers to achieve their targeted goal of gaining the tremendous amount of illegal revenue from the corrupted computer system.


The malware researchers strongly advice the companies or organisations to maintain the strongest cyber security practices and also stores its crucial certificates and corresponding keys in the secured environment. The victim should be over protective against each malicious threats and first check all the certificates before getting attached to any suspicious files. They must uses precautions while dealing with any kind of malicious links and on opening of any attachments in unrequested emails.

Leave a Comment

Your email address will not be published. Required fields are marked *