Malwarebytes warns users of ‘certified’ banking Trojan

Security vendor sounds alarm over emergence of new password-stealing Trojan.

Malwarebytes logo

Security software vendor Malwarebytes has issued an alert over the emergence of a new certified Trojan'.

The malware is a Brazilian banking and password stealer that has been signed with a valid digital certificate issued by DigiCert.

Clearly, if digital certificates can be abused so easily, we have a big problem on our hands

"The purpose of a digital signature is to guarantee the authenticity of a file from a particular vendor and is provided by one of a few certificate authorities," said senior security researcher Jerome Segura in a blog post.

"[However], this certificate is issued to a company called Buster Paper Comercial Ltda', a Brazilian company that actually does not exist and was registered with bogus data," Segura added.

The malware is disguised as a PDF and when opened appears to show a genuine invoice. However, in the background, it downloads a banking Trojan.

As Segura points out, the theft or mis-signing of digital certificates is not new and this particular banking Trojan has used this method of infection before.

"What we have here is a total abuse of hosting services, digital certificates and repeated offenses from the same people.

"Clearly, if digital certificates can be abused so easily, we have a big problem on our hands," said Segura.

Malwarebytes said, even in the face of more sophisticated and underhand threats such as this, "the same old tips still hold very true".

The company advises users not to open an attachment, even from someone they know, without first doing a thorough check on it.

It added, even if a file is digitally signed, it does not guarantee it is safe to use.

"A lot of potentially unwanted applications can use a digital certificate and, of course, malware can too," said Segura.

"Always check the file extension... [and] never trust file icons. Just because it looks like a Word document or PDF file does not mean it is. With that in mind, stay safe," Segura concluded.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
Qualcomm modem flaw puts millions of Android users at risk
Google Android

Qualcomm modem flaw puts millions of Android users at risk

6 May 2021