Malwarebytes warns users of ‘certified’ banking Trojan

Security vendor sounds alarm over emergence of new password-stealing Trojan.

Malwarebytes logo

Security software vendor Malwarebytes has issued an alert over the emergence of a new certified Trojan'.

The malware is a Brazilian banking and password stealer that has been signed with a valid digital certificate issued by DigiCert.

Clearly, if digital certificates can be abused so easily, we have a big problem on our hands

Advertisement - Article continues below

"The purpose of a digital signature is to guarantee the authenticity of a file from a particular vendor and is provided by one of a few certificate authorities," said senior security researcher Jerome Segura in a blog post.

"[However], this certificate is issued to a company called Buster Paper Comercial Ltda', a Brazilian company that actually does not exist and was registered with bogus data," Segura added.

The malware is disguised as a PDF and when opened appears to show a genuine invoice. However, in the background, it downloads a banking Trojan.

As Segura points out, the theft or mis-signing of digital certificates is not new and this particular banking Trojan has used this method of infection before.

"What we have here is a total abuse of hosting services, digital certificates and repeated offenses from the same people.

"Clearly, if digital certificates can be abused so easily, we have a big problem on our hands," said Segura.

Advertisement - Article continues below
Advertisement - Article continues below

Malwarebytes said, even in the face of more sophisticated and underhand threats such as this, "the same old tips still hold very true".

The company advises users not to open an attachment, even from someone they know, without first doing a thorough check on it.

It added, even if a file is digitally signed, it does not guarantee it is safe to use.

"A lot of potentially unwanted applications can use a digital certificate and, of course, malware can too," said Segura.

"Always check the file extension... [and] never trust file icons. Just because it looks like a Word document or PDF file does not mean it is. With that in mind, stay safe," Segura concluded.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



What is a Trojan?

24 Apr 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020