Malware creators have figured out a clever new way to hoodwink Windows 10 security
Google researchers have spotted malware developers employing a novel trick to confuse and break Windows 10 malware scans by using deliberately malformed signatures on valid certificates.
Neel Mehta, a cybersecurity researcher with Google’s Threat Analysis Group (TAG), has shared details of the new trick employed by the developers of the OpenSUpdater malware.
Mehta observed samples of the malware signed with legitimate but intentionally malformed certificates, which confused the scanning mechanism since the certificates were accepted by Windows, but rejected by OpenSSL.
“Security products using OpenSSL to extract signature information will reject this encoding as invalid. However, to a parser that permits these encodings, the digital signature of the binary will otherwise appear legitimate and valid,” notes Mehta.
Novel approach
Decoding the technical wizardry behind the ploy, BleepingComputer explains that in essence the technique breaks certificate parsing for OpenSSL, preventing parsers from decoding the digital signatures to check their authenticity.
This enables the malicious samples to avoid detection by security solutions that use OpenSSL-powered detection rules, giving them unimpeded access to their victim’s computer.
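The core of the problem described above is a parser differential: one verifier (Windows) accepts an encoding that another (OpenSSL) rejects, so a scanner built on the stricter parser never gets as far as checking the signature. The following added example, which is not code from the article, Google TAG or the OpenSUpdater samples, illustrates that gap with a toy tag-length-value structure and two decoders, one strict (DER-style, minimal lengths only) and one lenient. The specific malformation used here, a redundant long-form length octet, is a constructed stand-in and is not the encoding OpenSUpdater used; the `SEQUENCE { OCTET STRING digest, OCTET STRING sig }` layout, the sample digest and the placeholder signature bytes are all constructed for the demonstration and are not Authenticode or PKCS#7 structures. The defender-side point is in `classify`: when the strict parser fails but the lenient one succeeds, the sample should be flagged as suspicious rather than silently treated as "nothing to check".

```python
import hashlib


class DecodeError(ValueError):
    """Raised when a TLV element violates the decoding rules in force."""


def decode_tlv(buf: bytes, pos: int = 0, strict: bool = True):
    """Decode one tag-length-value element starting at buf[pos].

    strict=True enforces DER-style rules: definite, minimal length
    encodings only.  strict=False mimics a lenient parser that accepts a
    redundant long-form length.  Returns (tag, value, next_pos).
    """
    if pos + 2 > len(buf):
        raise DecodeError("truncated header")
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length fits in 7 bits
        length = first
    else:
        n = first & 0x7F                   # long form: n octets of length follow
        if n == 0:
            raise DecodeError("indefinite-length encoding not supported")
        if pos + n > len(buf):
            raise DecodeError("truncated length")
        length_bytes = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(length_bytes, "big")
        # DER requires the shortest possible encoding: no leading zero octet,
        # and the long form only when the length does not fit in 7 bits.
        if strict and (length_bytes[0] == 0 or length < 0x80):
            raise DecodeError("non-minimal length encoding (DER violation)")
    if pos + length > len(buf):
        raise DecodeError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def decode_sequence(buf: bytes, strict: bool):
    """Decode a single top-level SEQUENCE (tag 0x30) into its child elements."""
    tag, body, end = decode_tlv(buf, 0, strict)
    if tag != 0x30 or end != len(buf):
        raise DecodeError("expected exactly one top-level SEQUENCE")
    children, pos = [], 0
    while pos < len(body):
        t, v, pos = decode_tlv(body, pos, strict)
        children.append((t, v))
    return children


def extract_signature(blob: bytes, strict: bool) -> bytes:
    """Return the signature field of the constructed SEQUENCE { digest, sig }."""
    children = decode_sequence(blob, strict)
    if len(children) != 2 or any(t != 0x04 for t, _ in children):
        raise DecodeError("unexpected structure")
    return children[1][1]


def encode(tag: int, value: bytes, minimal: bool = True) -> bytes:
    """Encode one TLV whose value is shorter than 128 bytes.

    minimal=False deliberately emits the long form (0x81 nn) where the short
    form would do: valid BER, invalid DER.  Constructed for this example.
    """
    assert len(value) < 0x80
    length = bytes([len(value)]) if minimal else bytes([0x81, len(value)])
    return bytes([tag]) + length + value


def build_blob(digest: bytes, sig: bytes, minimal: bool = True) -> bytes:
    body = encode(0x04, digest, minimal) + encode(0x04, sig, minimal)
    return encode(0x30, body, minimal)


def classify(blob: bytes) -> str:
    """Defender-side triage: compare strict and lenient parsing results.

    'valid-der'           both parsers accept the encoding
    'parser-differential' strict rejects, lenient accepts: treat as suspicious,
                          never as "unsigned, skip the rule"
    'unparseable'         both parsers reject
    """
    results = {}
    for mode in ("strict", "lenient"):
        try:
            results[mode] = extract_signature(blob, strict=(mode == "strict"))
        except DecodeError:
            results[mode] = None
    if results["strict"] is not None:
        return "valid-der"
    if results["lenient"] is not None:
        return "parser-differential"
    return "unparseable"


# Constructed sample inputs (not real binaries or signatures).
SAMPLE_DIGEST = hashlib.sha256(b"constructed sample binary").digest()
SAMPLE_SIG = bytes(range(16))            # placeholder signature bytes
WELL_FORMED = build_blob(SAMPLE_DIGEST, SAMPLE_SIG, minimal=True)
MALFORMED = build_blob(SAMPLE_DIGEST, SAMPLE_SIG, minimal=False)

if __name__ == "__main__":
    print("well-formed:", classify(WELL_FORMED))
    print("malformed:  ", classify(MALFORMED))
```

Running the script classifies the well-formed blob as `valid-der` and the malformed one as `parser-differential`: the lenient decoder still returns the same signature bytes, which is exactly the situation the article describes, where a permissive verifier sees a valid signature while a strict one sees garbage. A scanner that uses a strict parser should therefore fail closed on decode errors and surface them as a finding, rather than letting the sample through unexamined.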
Mehta adds that this is perhaps the first time threat actors have used the technique to evade detection. So far it has only been observed in OpenSUpdater, whose authors use it to inject ads into victims’ browsers and install other unwanted programs on their devices.
However, since first discovering this activity, OpenSUpdater’s authors have tried other variations of invalid encodings to further evade detection.
Google TAG has also reported the evasion tactic to Microsoft, and is working with the Google Safe Browsing team to block this family of unwanted software.
Via BleepingComputer