There is a banking Trojan capable of bypassing traditional security by spoofing legitimate digital certificates.
The certificate used by the malware is usually legitimate but it is now going out via a fake-company set up to get hold of the certificates from Digicert, said researchers at security vendor Malwarebytes.
The certificate allows the hacker to sneak a PDF file infected with the Trojan past most computer security systems. Malwarebytes said the malware had already targeted high-profile firms.
“The malware is a banking/password stealer using email to spread. It appears to be a PDF invoice with a valid certificate issued to a real Brazilian software company which was issued by SSL certificate authority DigiCert,” said senior security researcher at Malwarebytes Jerome Segura.
Digital certificates end up using coded signatures used by companies to guarantee the authenticity of a file they are sending.
The attack does have some similarities to the Flame and Stuxnet. Flame broke new ground in 2012 being the first malware able to mimic a Microsoft update certificate.
“This Trojan is a new breed of intelligent malware, able to fool even the most acclaimed digital certificate authorities. Cyber criminals are finding new and more deceitful ways to disguise malware as trustful programs in order to attack systems and take your personal identity,” Segura said.
Malwarebytes warned attacks similar to the recently unearthed banking Trojan will grow to be one of the most dangerous cyber threats facing businesses.
“This problem will continue to get worse as it’s too easy for anybody who does a bit of research to either impersonate a company or set up a fake website as if it were a company and then buy a certificate,” said Segura.
“Once a Trojan like this gets into a business network computer, it will steal business-sensitive data,” Segura said. “Business’ IT departments must ensure they keep up to date with the latest threats in order to make sure commercial information doesn’t get into the wrong hands.”