Malware using fake signatures on the rise

Malicious software is increasingly adopting “digital signatures” to convince victims of its legitimacy.

According to a report by security firm McAfee, signed malware is on the rise, having doubled since the first half of 2014. In total, the company claims that it has detected more than 20 million pieces of malware with false or stolen signatures.

The findings suggest a major problem for cybersecurity defences, as software containing a falsified digital signature may not trigger warning alerts notifying users that the installation could be malicious.

Matthew Rosenquist, a cyber-security strategist for the Intel Security Group, explained that although signing malware requires extra effort on the part of attackers, it is often worth it.

“No longer an exclusive tactic of state-sponsored offensive cyber campaigns, signed malware is now used by cybercriminals and professional malware writers, and has become a widespread problem,” he said. “Signing allows malware to slip past network filters and security controls, and can be used in phishing campaigns. This is a highly effective trust-based attack, leveraging the very security structures initially developed to reinforce confidence when accessing online content.”

He added that signing code began as a way of legitimising software, but now hackers have found a way of utilising the technology for their own ends. Despite knowing about the growing threat for some time, the software industry has been slow to react and is only now putting in place tools to limit the use of fake signatures.

“Detective and corrective controls are being integrated into host, data centre, and network-based defences,” Rosenquist added. “But adoption is slow.”

Malware that uses fake signatures not only enables attackers to perform unauthorised actions on the victim’s device, but it also erodes trust between the user and the software developer. Hackers are now developing malicious software with the intention of stealing more certificates, meaning that the problem facing the software industry is only likely to escalate.