• Key trusted Microsoft platform exploited to enable malware, exper

    From TechnologyDaily@1337:1/100 to All on Monday, March 24, 2025 15:30:08
    Key trusted Microsoft platform exploited to enable malware, experts warn

    Date:
    Mon, 24 Mar 2025 15:26:00 +0000

    Description:
    Microsoft Trusted Signing is being abused to grant malware short-lived certificates and help it bypass endpoint protection.

    FULL STORY ======================================================================
    Trusted Signing, a Microsoft certificate-signing service, is being abused by criminals, researchers are saying.
    The criminals are signing malware with short-lived, three-day certificates.
    Microsoft is actively monitoring for certificate abuse.

    Cybersecurity experts have warned that Trusted Signing, Microsoft's code-signing platform, is being abused to grant malware certificates and help it bypass endpoint protection and antivirus programs.

    Certificates are digital credentials that verify the authenticity, integrity, and security of software. They use cryptographic keys to establish secure communications and prevent tampering or impersonation, and are considered crucial for encrypting sensitive data, ensuring secure transactions, and maintaining user trust. In software development, code-signing certificates validate that an application has not been altered after release.

    Microsoft describes Trusted Signing as a "fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers more easily build and distribute applications."

    Lumma Stealer and others

    However, BleepingComputer reports multiple researchers observing threat
    actors using Trusted Signing to sign their malware with short-lived,
    three-day code-signing certificates.

    Software signed this way will remain valid until the certificate is revoked, which suggests that the malware could successfully bypass security solutions for a lot longer.

    The malware samples they analyzed were signed by "Microsoft ID Verified CS
    EOC CA 01," it was said.
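
    For defenders, the two points above (a signature that stays valid after a three-day certificate lapses, and the issuer name quoted in the story) can be checked on a Windows host with the built-in Get-AuthenticodeSignature cmdlet. This is an added example, not code from the article or from Microsoft; the function name, its parameters, the extension list and the one-day slack in the lifetime threshold are assumptions. Trusted Signing also serves legitimate developers, so a match is a prompt for review, not a verdict.

```powershell
# Added example (not from the article): list signed files whose signing certificate
# was issued by the CA quoted in the story and show how short-lived that certificate is.
# Assumed names: Find-ShortLivedSignedFile, its parameters, the extension list.
function Find-ShortLivedSignedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Issuer name as quoted in the article; matched as a substring of the issuer DN.
        [string] $IssuerName = 'Microsoft ID Verified CS EOC CA 01',
        # The article describes three-day certificates; one extra day of slack is an assumption.
        [double] $MaxLifetimeDays = 4
    )

    $extensions = '.exe', '.dll', '.msi', '.sys'
    $now = Get-Date

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            # Unsigned files and files from other issuers are out of scope here.
            if ($null -eq $cert -or $cert.Issuer -notlike "*$IssuerName*") { return }

            $lifetime = $cert.NotAfter - $cert.NotBefore

            [pscustomobject]@{
                File         = $_.FullName
                # 'Valid' can still be reported after NotAfter when the signature is timestamped.
                Status       = $sig.Status
                Subject      = $cert.Subject
                Thumbprint   = $cert.Thumbprint
                NotBefore    = $cert.NotBefore
                NotAfter     = $cert.NotAfter
                LifetimeDays = [math]::Round($lifetime.TotalDays, 2)
                ShortLived   = $lifetime.TotalDays -le $MaxLifetimeDays
                CertExpired  = $cert.NotAfter -lt $now
                Timestamped  = $null -ne $sig.TimeStamperCertificate
            }
        }
}

# Usage: review the results by subject and hash; an issuer match alone is not a verdict.
Find-ShortLivedSignedFile -Path "$env:USERPROFILE\Downloads" |
    Sort-Object LifetimeDays |
    Format-Table File, Status, Subject, LifetimeDays, CertExpired, Timestamped -AutoSize
```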

    Among the campaigns abusing the Microsoft service are the Crazy Evil Traffers crypto heist and Lumma Stealer.

    One of the ways Microsoft seems to be tackling this issue is to only allow certificates to be issued under the name of a company that's been operational for at least three years.

    However, individuals can sign up and get faster approval if the certificate is issued under their name.

    Microsoft says it is constantly monitoring the landscape and revoking certificates that were found to have been abused.

    "When we detect threats we immediately mitigate with actions such as broad certificate revocation and account suspension. The malware samples you shared are detected by our antimalware products and we have already taken action to revoke the certificates and prevent further account abuse," the company noted.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/key-trusted-microsoft-platform-exploited-to-enable-malware-experts-warn


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)