Hackers make their malware invisible with a VPN


A group of Chinese hackers managed to spread malware without security software detecting it, by signing it with a VPN vendor's certificate. This makes it invisible to antivirus products and the like.


Hackers and security software constantly play cat and mouse. The former want to slip through the cracks, the latter want to catch them before they do any damage. On Android smartphones, this sometimes involves a very simple trick. On computers, a group of Chinese hackers had an original idea for making their malware invisible: they used the (legitimate) certificate of a VPN vendor.

An electronic certificate is a kind of official signature that vouches for the identity of the person or company behind a document or, here, a piece of software. It includes information such as the name of the entity, a validity period, the cryptographic algorithm used, etc. If a program carries a valid certificate, antivirus software has no reason to suspect it of being infected and therefore does not react after analysis. This is what happened with this malware.

Malware signed with a VPN certificate becomes undetectable by antivirus software

“Signed” with the certificate of the VPN Ivacy, produced by the Singapore company PMG PTE LTD, apparently legitimate archives were able to carry infected files without being detected. Among them were well-known names such as Adobe Creative Cloud, McAfee VirusScan and Microsoft Edge. Believing they are installing the associated software, victims actually open the door to the malware on their machine.
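As an added illustration (not from the article or from the researchers who found the campaign), here is a PowerShell check a defender can run on Windows: instead of trusting a "Valid" signature status, it compares the company named in a file's own version metadata with the certificate subject and flags the mismatch described above (an "Adobe" or "McAfee" installer signed by a VPN vendor). The Downloads path and the first-word comparison are assumptions of this example, and the heuristic will produce some false positives for subsidiaries or rebranded products.

```powershell
# Added example (not from the article): report executables whose Authenticode signer
# does not match the vendor named in the file's own version metadata.
function Get-SignerMismatch {
    param([Parameter(Mandatory)] [string] $Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $cert = $sig.SignerCertificate
    $signer = $null
    $thumb  = $null
    if ($cert) { $signer = $cert.Subject; $thumb = $cert.Thumbprint }

    $result = [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Company    = $info.CompanyName
        Product    = $info.ProductName
        Signer     = $signer
        Thumbprint = $thumb           # compare against a blocklist of known-stolen certificates
        Suspicious = $false
        Reason     = $null
    }

    # Unsigned or tampered files are caught by other controls; the interesting case is
    # a signature that is cryptographically valid but issued to the wrong company.
    if ($sig.Status -ne 'Valid') { return $result }

    # Heuristic (assumption): the first word of CompanyName ("Adobe" from "Adobe Inc.")
    # should appear somewhere in the signer's subject (CN=..., O=...).
    $words = @($info.CompanyName -split '[\s,]+' | Where-Object { $_ })
    $token = $words[0]
    if ($token -and $signer -notmatch [regex]::Escape($token)) {
        $result.Suspicious = $true
        $result.Reason = "metadata claims '$($info.CompanyName)' but signer is '$signer'"
    }
    return $result
}

# Usage: scan a download folder (path is an assumption) and list only the mismatches.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Recurse -Include *.exe, *.dll |
    ForEach-Object { Get-SignerMismatch -Path $_.FullName } |
    Where-Object Suspicious |
    Format-Table Path, Company, Signer, Thumbprint -AutoSize
```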


The Chinese hackers were clearly targeting South-East Asia, and more particularly the gambling industry. The malware was designed not to run in France, Germany, Russia, India, Canada, the United Kingdom and the United States. The goal was to reduce the chances of detection, but the mechanism was poorly implemented. According to the teams behind the discovery, the VPN signing certificates were probably stolen from the company concerned, “a usual technique” for Chinese hackers according to them.

Source: Bleeping Computer
