D-Link stolen Certificate Used to Digitally Sign Spying Malware


D-Link Corporation changed its name from Datex Systems Inc. in 1994, when it went public and became the first networking company listed on the Taiwan Stock Exchange. It is now publicly traded on the TSEC and NSE stock exchanges.

In 2007, it was the leading networking company in the small to medium business (SMB) segment worldwide with 21.9% market share. In March 2008, it became the market leader in Wi-Fi product shipments worldwide, with 33% of the total market.

Digitally signed malware has become much more common in recent years, because a valid signature masks malicious intent from users and from security products that trust signed code.

Security researchers have discovered a new malware campaign that misuses valid digital certificates stolen from Taiwanese technology companies, including D-Link, to sign malware so that it looks like a legitimate application.

Malware authors and hackers, who are always in search of advanced techniques to bypass security solutions, have been abusing trusted digital certificates in this way for several years.


D-Link cert used to sign PLEAD malware samples

BlackTech operators used the stolen cert to sign two malware payloads: the first is the PLEAD backdoor, while the second is a nondescript password stealer.

According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group’s targets for these most recent attacks were again located in East Asia, particularly in Taiwan.

The password stealer isn’t anything special, being capable of extracting passwords from only four apps: Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Outlook.

Following Cherepanov’s report about BlackTech using one of its certificates, D-Link revoked it last Tuesday, July 3. Before the revocation, the certificate was being used to secure the web panel of mydlink IP cameras.


APT used another certificate, but that one was older

In addition to the malware samples signed with the D-Link cert, Cherepanov also discovered some BlackTech malware samples signed with a certificate belonging to Taiwanese tech firm Changing Information Technology, Inc.

But unlike the D-Link certificate, this one had already been revoked a year earlier, on July 4, 2017, so it was of little use to the attackers.

By signing the malicious files, BlackTech made their malware appear to the operating system as a legitimate application from a trusted source.

It’s no surprise to see a supposed nation-state attacker with nearly unlimited resources abusing stolen certificates. A Recorded Future investigation published at the start of the year revealed that most ordinary criminals can’t afford to buy digital certificates on the black market because of their prohibitive cost. Most stolen certificates remain within reach only of APTs and highly advanced financial crime groups.
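The two defensive points in the story above are that a valid-looking signature does not make a binary trustworthy, and that revocation (as D-Link did on July 3) only helps hosts that actually re-check the signer's status. The following PowerShell script is an added example, not code from the article or from ESET or D-Link: it walks a directory, reads each executable's Authenticode signature, and flags binaries whose signer is on a watchlist or whose certificate chain no longer validates, including revoked signers. The `D-Link` and `Changing Information Technology` subject strings come from the article; the thumbprint list is a placeholder to be filled from a vendor advisory, since the article gives no thumbprints.

```powershell
# Added example (not from the article): hunt for executables signed with a
# watched or revoked code-signing certificate. Requires Windows PowerShell 3+.
function Find-SuspiciousSignedBinaries {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Organisations named in the article whose certificates were abused;
        # matched as substrings of the signer certificate's Subject field.
        [string[]] $WatchSubjects = @('D-Link', 'Changing Information Technology'),
        # Placeholder: replace with thumbprints from the relevant advisory.
        [string[]] $WatchThumbprints = @('<THUMBPRINT-FROM-ADVISORY>')
    )

    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) { return }
        $cert = $sig.SignerCertificate

        # Watchlist checks on the leaf (signer) certificate.
        $subjectHit = $false
        foreach ($w in $WatchSubjects) {
            if ($cert.Subject -like "*$w*") { $subjectHit = $true }
        }
        $thumbHit = $WatchThumbprints -contains $cert.Thumbprint

        # Re-validate the signer's chain *now*, with online revocation checking,
        # so a certificate revoked after the file was signed is still reported.
        # Get-AuthenticodeSignature alone honours the signing timestamp, so a
        # timestamped signature made before the revocation date can still verify.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        $chainOk = $chain.Build($cert)
        $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        $revoked = $chainStatus -match 'Revoked'

        if ($sig.Status -ne 'Valid' -or -not $chainOk -or $subjectHit -or $thumbHit) {
            [pscustomobject]@{
                Path          = $file.FullName
                SigStatus     = $sig.Status
                ChainStatus   = if ($chainOk) { 'OK' } else { $chainStatus }
                Revoked       = $revoked
                Signer        = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                Timestamped   = [bool]$sig.TimeStamperCertificate
                OnWatchlist   = ($subjectHit -or $thumbHit)
            }
        }
    }
}

# Example invocation (scans user profiles; narrow the path on large hosts).
Find-SuspiciousSignedBinaries -Root 'C:\Users' | Format-Table -AutoSize
```

Two caveats when reading the output. `RevocationMode = 'Online'` needs the host to reach the CA's CRL or OCSP endpoint; if it cannot, `ChainStatus` will contain `RevocationStatusUnknown` or `OfflineRevocation` rather than `Revoked`, and the file should be treated as unverified, not clean. And a hit on `OnWatchlist` with `SigStatus` still `Valid` is exactly the case the article describes: a genuine vendor certificate on a file the vendor never shipped, which only context (where the file came from, what it does) can resolve.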
