
Fake signatures letting malware sneak onto your PC

Barry Collins
3 Sep 2015
Anti-virus

McAfee warns of growing threat of software bearing false signatures

Malware bearing a "digital signature" that makes it appear to be a legitimate application is becoming a major problem, according to the Intel-owned security firm McAfee. The company claims it has now detected more than 20 million pieces of malware bearing false signatures, which could trick their way past defences such as Windows' User Account Control.

The number of pieces of malware bearing stolen or counterfeit digital certificates has doubled since the first half of 2014, according to McAfee. Software with what appears to be a legitimate signature may not trigger the pop-up messages that warn users of the dangers of installing unsigned software, warnings that have been used to weed out many forms of malware.

The company says the software industry has long been aware of this emerging threat, but has been slow to respond. "Through the use of stolen or counterfeit signing credentials, attackers can make their code appear trustworthy," reads a post by Matthew Rosenquist, a cyber-security strategist, on the McAfee blog. "This tactic works very well and is becoming ever more popular as a mechanism to bypass typical security controls."

"Signing allows malware to slip past network filters and security controls, and can be used in phishing campaigns," he adds. "This is a highly effective trust-based attack, leveraging the very security structures initially developed to reinforce confidence when accessing online content."

Rosenquist says new "tools and practices are being developed" to combat the use of fake signatures, but that "adoption is slow - which affords a huge opportunity for attackers". What's more, hackers are writing malware specifically to steal digital certificates, allowing them to propagate further attacks. 

"Maliciously signed malware is a significant and largely underestimated problem," Rosenquist concludes. "Signed binaries are much more dangerous than the garden variety of malware. Until effective and pervasive security measures are in place, this problem will grow in size and severity."