Malware that was signed with a Sony certificate hit Kaspersky's radar this week – but it appears a researcher, rather than malicious attackers, signed the malware as a prank.
After publishing its findings Tuesday on the Destover malware sample, Kaspersky updated its blog post on Wednesday once it got word of the “joke.”
Destover, also known as Wipall, is wiper malware that has been compared to other threats, like Shamoon and Jokra, a trojan used in the Dark Seoul attacks last year.
“Reports indicate the ‘researcher' reached out to the certificate authorities to get the certificate revoked after submitting the malware online,” Kaspersky's updated post revealed. On Twitter, security analyst Colin Keigher said that the researcher, “who doesn't want to be named,” found the Sony certificate, “then went and signed the malware” with it, before uploading the sample to VirusTotal.