Plead Malware Misuses Valid D-Link Certificate For Its Campaigns
A new malware that misuses a D-Link certificate for its campaign has been spotted by cyber security researchers. The malicious program goes by the name of Plead Malware. According to the cyber security firm that reported it, its researchers flagged this threat after their systems marked a number of files as suspicious. The malware is reported to use a stolen but valid D-Link certificate, issued to the Taiwanese tech company, to make its files appear legitimate. For your information, digital certificates are issued by a trusted CA (certificate authority). These digital certificates are used to cryptographically sign system applications, and a computer allows such signed applications to execute without any kind of warning message. Now you may understand how Plead Malware abuses a digital certificate to run its malicious process.
Plead Malware Takes Advantage Of Stolen Certificates
Plead Malware is a kind of malicious program that allows its author to control it from a remote location. According to a research report, this malware is used by an infamous group of hackers known as BlackTech. As mentioned above, the malware uses a certificate stolen from the Taiwanese tech company; realizing the danger, D-Link revoked the certificate on 3rd July, 2018. But this does not matter to the hackers, because they are still using the certificate for their malicious campaign. The ability to steal a certificate and misuse it shows the skill of the cyber criminals behind this threat.
Plead Malware samples are padded with highly sophisticated junk code, but their purpose is the same in every sample. The malware is either downloaded from a remote server or opened from a small encrypted binary blob. This binary blob contains encrypted shellcode that is used to download the final module of the Plead backdoor. Another research report reveals that Plead Malware also drops a password-stealer utility on the compromised system. This utility is designed to steal the saved passwords of applications such as:
- Microsoft Outlook
- Mozilla Firefox
- Microsoft Internet Explorer
- Google Chrome
What Happens With The Stolen Digital Certificate?
Misuse of stolen digital certificates is one of the most common ways through which cyber criminals fulfill their malicious intentions. The stolen D-Link certificate lets Plead Malware appear to be a legitimate application. This allows the malware to easily bypass security checks without raising any suspicion. The Stuxnet worm is another infamous malware that was reported for misusing stolen digital certificates in 2010; it was known to use digital certificates stolen from two well-known information technology companies of Taiwan. A similar case was detected in 2017, when the CCleaner software was replaced with a malicious version, which was made possible by a stolen code-signing certificate.
Digital certificates like D-Link's are used to verify software products and prove them to be legitimate applications. But once these certificates are compromised, they can be used by hackers to install harmful malware on systems and networks without being detected. Plead Malware is proof that there is an active criminal market that steals code-signing certificates and misuses them. It raises the need for technology that helps us counter such misuse of digital certificates.
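As an added example (not from the article or from any research report it cites), the following PowerShell triage script shows one way a defender can act on this kind of incident: it lists the Authenticode signer of every binary under a folder, rebuilds the signer's certificate chain with online revocation checking, and flags files whose signing certificate is revoked or appears in a locally maintained list of known-stolen certificate thumbprints. The thumbprint in `$RevokedThumbprints` is a placeholder, not a real value, and must be replaced with one from your own threat-intelligence source.

```powershell
# Added triage script (not the article's own code). Scans binaries under $Path, reports
# their Authenticode signer, and flags signers that are revoked or on a local block list.
param(
    [string]$Path = "C:\Users\Public",
    # PLACEHOLDER: replace with thumbprints of certificates known to be stolen/revoked.
    [string[]]$RevokedThumbprints = @("PLACEHOLDER_THUMBPRINT_OF_REVOKED_CERT")
)

Get-ChildItem -Path $Path -Recurse -Include *.exe,*.dll,*.sys -File -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) { return }   # unsigned file: nothing to check here

    # Rebuild the signer's chain with online (CRL/OCSP) revocation checking, so a signer
    # that was revoked after signing is still caught even though the signature itself
    # remains cryptographically intact.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($cert)
    $revoked = $chain.ChainStatus | Where-Object {
        $_.Status -band [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked
    }

    [pscustomobject]@{
        File       = $_.FullName
        Signer     = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        SigStatus  = $sig.Status           # Authenticode's own verdict on the signature
        ChainOk    = $chainOk              # false when the chain (incl. revocation) fails
        Revoked    = [bool]$revoked        # true when the chain reports a revoked certificate
        KnownBad   = $RevokedThumbprints -contains $cert.Thumbprint
    }
} |
Where-Object { $_.Revoked -or $_.KnownBad -or $_.SigStatus -ne 'Valid' } |
Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the host under investigation; any row it prints is a signed binary that deserves a closer look, because a valid-looking signature from a revoked or stolen certificate is exactly the trick this article describes.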