Key trusted Microsoft platform exploited to enable malware, experts warn

LovabledanielsMarch 24, 202554 Views

Trusted Signing, a Microsoft certificate-signing service, is being abused by criminals, researchers are saying
The criminals are signing malware with short-lived, three-day certificates
Microsoft is actively monitoring for certificate abuse

Cybersecurity experts have warned Trusted Signing, Microsoft’s code-signing platform, is being abused to grant malware certificates and help it bypass endpoint protection and antivirus programs.

Certificates are digital credentials that verify the authenticity, integrity, and security of software. They use cryptographic keys to establish secure communications and prevent tampering or impersonation, and are considered crucial for encrypting sensitive data, ensuring secure transactions, and maintaining user trust. In software development, code-signing certificates validate that an application has not been altered after release.

Microsoft describes Trusted Signing as a, “fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers more easily build and distribute applications.”

Lumma Stealer and others

However, BleepingComputer reports multiple researchers observing threat actors using Trusted Signing to sign their malware with “short-lived, three-day code-signing certificates”.

Software signed this way will remain valid until the certificate is revoked, which suggests that the malware could successfully bypass security solutions for a lot longer.

The malware samples they analyzed were signed by “Microsoft ID Verified CS EOC CA 01,” it was said.

Among the campaigns abusing Microsoft are Crazy Evil Traffers’ crypto heist, and Lumma Stealer.

One of the ways Microsoft seems to be tackling this issue is to only allow certificates to be issued under the name of a company that’s been operational for at least three years.

However, individuals can sign up and get faster approval, if the certificate is issued under their name.

Microsoft says it is constantly monitoring the landscape and revoking certificates that were found to have been abused.

“When we detect threats we immediately mitigate with actions such as broad certificate revocation and account suspension. The malware samples you shared are detected by our antimalware products and we have already taken action to revoke the certificates and prevent further account abuse,” the company noted.

Weekly update

US reports second air traffic control outage at New Jersey airport | Donald Trump News

India, Pakistan exchange claims over drone strikes | Military

Mexico is suing Google over ‘Gulf of America’ label, Sheinbaum says | US-Mexico Border News

Weekly Newsletter

Key trusted Microsoft platform exploited to enable malware, experts warn

Leave a comment

Leave a Reply Cancel reply

Explore more

India, Pakistan exchange claims over drone strikes | Military

Mexico is suing Google over ‘Gulf of America’ label, Sheinbaum says | US-Mexico Border News

Barcelona vs Real Madrid: LaLiga El Clasico; team news, how to follow | Football News

Kali Uchis, UMI, Naomi Sharon, And More New R&B

Improving the performance of Cu₂SrSnS₄ solar cells with inorganic hole transport layers

A new Samsung Galaxy Z Fold 7 leak may have revealed the foldable phone’s dimensions and super-thin bezels

Physical buttons are finally making a comeback in cars, thanks to new safety guidelines – but I’m bracing myself for more irritating user experiences

UK government to replace SMS logins with secure passkeys in major digital identity overhaul across GOV.UK services

Get to Know Us

Let's keep in touch