CyberSecurity news
Lawrence Abrams@BleepingComputer
Cybercriminals are exploiting Microsoft's Trusted Signing Service by using short-lived, three-day code-signing certificates to sign malware executables. These certificates, issued by "Microsoft ID Verified CS EOC CA 01," make malicious software appear legitimate, allowing it to bypass security filters that typically block unsigned executables. This method of exploitation poses a significant threat to cybersecurity, as it provides a window of opportunity for malware to operate under the guise of legitimacy.
Microsoft is actively monitoring threats and working to mitigate the abuse of its Trusted Signing Service. When threats are identified, Microsoft revokes certificates and suspends accounts to prevent further misuse. The holy grail for threat actors is to obtain Extended Validation (EV) code-signing certificates, as they automatically gain increased trust from many cybersecurity programs due to the more rigorous verification process. The rapid issuance and expiration of certificates make it challenging to detect and revoke them quickly enough to stop all malware campaigns.
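A triage sketch for the pattern described above, added here as an example and not taken from Microsoft or the cited reports: it flags signer certificates from the issuer named above whose validity window is three days or less. The record layout and sample entries are constructed assumptions (fields as they might be exported from endpoint telemetry), and a match is a reason to review a file, not a verdict on it.

```python
from datetime import datetime, timedelta

# Issuer name and three-day lifetime are the two details the page reports.
ISSUER_CN = "Microsoft ID Verified CS EOC CA 01"
SHORT_LIVED = timedelta(days=3)

def issuer_cn(issuer_dn):
    """Extract the CN value from a comma-separated issuer DN string."""
    for part in issuer_dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return ""

def triage(record, now):
    """Return review flags for one signer-certificate record (assumed layout)."""
    not_before = datetime.fromisoformat(record["not_before"])
    not_after = datetime.fromisoformat(record["not_after"])
    issuer_match = issuer_cn(record["issuer"]) == ISSUER_CN
    short_lived = (not_after - not_before) <= SHORT_LIVED
    return {
        "file": record["file"],
        "review": issuer_match and short_lived,
        # Whether the validity window had already closed when the file was observed.
        "cert_expired": not_after < now,
    }

def review_queue(records, now):
    """File names whose signer certificate matches both reported traits."""
    return [r["file"] for r in records if triage(r, now)["review"]]

# Constructed sample records: file names, dates, the second issuer and the
# DN fields other than the CN are invented for illustration.
TS_DN = "CN=Microsoft ID Verified CS EOC CA 01, O=Microsoft Corporation, C=US"
SAMPLE = [
    {"file": "invoice_viewer.exe", "issuer": TS_DN,
     "not_before": "2025-03-18T09:00:00+00:00", "not_after": "2025-03-21T09:00:00+00:00"},
    {"file": "updater.exe", "issuer": "CN=Example Code Signing CA, O=Example Corp, C=US",
     "not_before": "2024-01-01T00:00:00+00:00", "not_after": "2026-01-01T00:00:00+00:00"},
    {"file": "setup_tool.exe", "issuer": TS_DN,
     "not_before": "2025-03-21T12:00:00+00:00", "not_after": "2025-03-24T12:00:00+00:00"},
]
NOW = datetime.fromisoformat("2025-03-22T00:00:00+00:00")

if __name__ == "__main__":
    for rec in SAMPLE:
        print(triage(rec, NOW))
```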