The number of legitimate certificates used to sign malware jumped from 1,500 to more than 6,000 in only six years.
A Kaspersky Lab blog post detailed this increasingly pervasive threat and how attackers most commonly use legally obtained certificates to sign malicious files. The researchers described how cybercriminals can gain access to a software manufacturer’s corporate network and use its build server to compile a malicious file, which is then automatically signed with the company’s digital signature. This attack is rare, however.
Alternatively, attackers take over a web installer for legitimate software and change its link so that a different distribution kit is downloaded. Malware is then downloaded and installed on the user’s system.
Kaspersky recommended limiting the launch of software programs to only those from a reputable manufacturer as one way to mitigate the threat of attack.
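One way to apply that recommendation on Windows, as an added example that is not from the Kaspersky post: a valid Authenticode signature alone is not treated as trust, and the signer must also be on a local publisher allowlist. The function name `Test-TrustedPublisher`, the allowlist variable, the thumbprint and the scanned path are hypothetical placeholders.

```powershell
# Added example: default-deny check that requires BOTH a valid signature
# and a signer certificate on a local publisher allowlist.
# The thumbprint below is a placeholder, not a real certificate.
$TrustedPublisherThumbprints = @(
    '0000000000000000000000000000000000000000'  # placeholder: your vendor's signing cert
)

function Test-TrustedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$AllowedThumbprints
    )

    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $signer  = $sig.SignerCertificate
    $subject = $null
    $thumb   = $null
    if ($signer) {
        $subject = $signer.Subject
        $thumb   = $signer.Thumbprint
    }

    # "Valid" only means the file is intact and the certificate chains to a
    # trusted root. Malware signed with a legitimately issued certificate
    # also reports Valid, so the publisher itself must be checked as well.
    $validSignature = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $knownPublisher = ($null -ne $thumb) -and ($AllowedThumbprints -contains $thumb)

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Subject    = $subject
        Thumbprint = $thumb
        Allowed    = [bool]($validSignature -and $knownPublisher)
    }
}

# Usage (hypothetical path): list signed-but-unlisted and unsigned executables.
# Get-ChildItem 'C:\Tools' -Filter *.exe -Recurse |
#     ForEach-Object { Test-TrustedPublisher -Path $_.FullName -AllowedThumbprints $TrustedPublisherThumbprints } |
#     Where-Object { -not $_.Allowed }
```

A file signed on a compromised build server with an allowlisted manufacturer's own certificate would still pass this check, so the allowlist narrows the exposure rather than removing it.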