
Attackers disguising malware as website certificate errors

(Image credit: andriano.cz/Shutterstock)

Hackers are trying to scam people into downloading malware using fake certificate expiry notifications, according to researchers from cybersecurity firm Kaspersky.

The campaign is simple by design: hackers find vulnerable websites and inject a fake notification that covers the entire page when a user visits the site. The website's address remains legitimate, and the message displayed appears genuine as well.

The notification claims the website's security certificate has expired and that a new one must be downloaded in order to keep the visitor secure. But if the user interacts with the notification, the Buerak Trojan downloader is automatically installed, which then downloads even more malware.

The downloaded file is named Certificate_Update_v02.2020.exe, and the fake warning shown to the victim reads: "NET::ERR_CERT_OUT_OF_DATE".

Security certificates are digital pieces of code issued by Certification Authorities and used to encrypt the information flowing between the user and the website so that it cannot be intercepted. This ensures that data such as payment information or login credentials isn't stolen en route.

These certificates have an expiration date and, when they expire, websites may become vulnerable to eavesdropping by a third party.
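A defender can test the overlay's "expired certificate" claim against the certificate the server actually presents. The sketch below is an added example, not code from Kaspersky or from this article; the function names are hypothetical and the sample certificate is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# OpenSSL verify code reported when the presented certificate is past notAfter.
X509_V_ERR_CERT_HAS_EXPIRED = 10


def days_remaining(cert, now):
    """Whole days until notAfter, for a dict shaped like SSLSocket.getpeercert()."""
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (not_after - now).days


def classify(cert, now):
    """Compare a page's 'certificate expired' claim with the real expiry date."""
    if days_remaining(cert, now) < 0:
        return "expired"
    return "valid: page claim is false"


def check_host(host, port=443, timeout=5.0):
    """Live check: perform a verified TLS handshake and report the result."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and dates
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Handshake succeeded, so the certificate passed validation.
                return classify(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "expired"
        return f"invalid: {exc.verify_message}"


# Constructed sample in getpeercert() format, so the logic runs offline.
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2021 GMT"}

if __name__ == "__main__":
    when = datetime(2020, 3, 6, tzinfo=timezone.utc)  # constructed check date
    print(days_remaining(SAMPLE_CERT, when), classify(SAMPLE_CERT, when))
```

If `check_host` reports a valid certificate while the page itself shows an expiry warning and offers a download, the warning comes from injected page content rather than from certificate validation.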