Ask Fitis, the Bear: Real Crooks Sign Their #Malware
Default thinking (and the intention of digital signing) should, in theory, "guarantee" the identity of developers/vendors of #software
Threat actors can use code signing certs to bypass common #windows detection mechanisms - AKA your #antivirus.
So, if it's signed, is it safe? Depends.
#cybersecurity #infosec #security #opsec
https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/
Avoid The Hack! /
npub1vk…7w6p2
2023-06-07 13:18:01
Author Public Key
npub1vkypeczpkdeu63xx5qdm4sl775wkcdkgmxsw88cyjzcemztwrm6sd7w6p2Published at
2023-06-07 13:18:01Event JSON
{
"id": "5accc306a4488a10e569694536c9c7bdb24016eabf045f890f16e3a1de8159e5",
"pubkey": "65881ce041b373cd44c6a01bbac3fef51d6c36c8d9a0e39f0490b19d896e1ef5",
"created_at": 1686143881,
"kind": 1,
"tags": [
[
"t",
"malware"
],
[
"t",
"software"
],
[
"t",
"windows"
],
[
"t",
"antivirus"
],
[
"t",
"cybersecurity"
],
[
"t",
"infosec"
],
[
"t",
"security"
],
[
"t",
"opsec"
],
[
"mostr",
"https://mastodon.social/users/avoidthehack/statuses/110503125393625682"
]
],
"content": "Ask Fitis, the Bear: Real Crooks Sign Their #Malware \n\nDefault thinking (and the intention of digital signing) should, in theory, \"guarantee\" the identity of developers/vendors of #software\n\nThreat actors can use code signing certs to bypass common #windows detection mechanisms - AKA your #antivirus.\n\nSo, if it's signed, is it safe? Depends.\n\n#cybersecurity #infosec #security #opsec\n\nhttps://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/",
"sig": "61179a2ab96a231a117b3780ad5a24ecfa328b373a1db5c0af21d07c348c3b4a77af17dd54e48b1326fb3b8c7df387d9eabd23864d77d7cd1aeebd2b34d5cf5b"
}