Security Alerts Stolen D-Link Certificates Used By Malware

Monday, Jul 16, 2018

Security researchers have discovered that stolen valid digital certificates from D-Link have been used to sign malware, giving them the appearance of legitimate applications. Used for cryptographically signing software, digital certificates issued by a trusted certificate authority are trusted by your computer, and allow the execution of those programs without any warning messages.

Lately malicious actors have been utilizing compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, in order to prevent their from malware being detected. This recently identified malware has been using valid digital certificates that were owned by the network equipment manufacturer D-Link to install a remotely controlled backdoor, or to collect saved browser passwords on a compromised system.

The compromised certificates were revoked on July 4th, 2018, but be advised that some antivirus software fails to check the validity of a digital certificate even after the signatures have been revoked.

As always, we here at Nuspire advise caution any time you are downloading, installing, or running new or previously untrusted applications.