
Malware Found With Valid Microsoft Code Signature

Microsoft has shown once again that signed code is not necessarily more trustworthy than any other code. A valid signature from the company currently adorns a rootkit, which can of course settle onto computers easily as a result.

Bitdefender security researchers have discovered and analyzed the malware, called FiveSys. It turned out that the digital signature on the code was issued by Microsoft, not forged or stolen. Bitdefender has notified Microsoft of the problem, and the company has since revoked the signature.

It’s not the first case. In the past few months, Bitdefender experts have been paying close attention to the spread of malicious drivers with valid digital signatures issued as part of the Microsoft WHQL signing process. According to what is known so far, the corresponding activity mostly originates in China, and users there are the primary targets.

Target Is Mostly Gamers

The targets are usually online gamers, who are infected via the typical communication channels of the gaming scene. Nor does the signed malware come from a single source. This is supported by the fact that some samples have very similar functions but are implemented completely differently.

Exactly how the criminals obtain the valid Microsoft signatures is not yet entirely clear. In essence, however, the attackers appear to have found a way to pass through the automated signing systems in disguise, because the software company cannot possibly have employees thoroughly examine all the code that is submitted worldwide. And since the route is known, other malware with valid signatures is likely to appear soon. So it’s up to Microsoft to find the problem and fix it.