Underground cybercrooks are selling digital certificates that allow code signing of malicious instructions, creating a lucrative and expanding cottage industry in the process, according to new research from threat intelligence firm InfoArmor.
In one case, a hacker tricked a legitimate certificate authority into issuing digital certificates for malware before marketing a cyber-espionage tool called GovRAT.
InfoArmor found posts promoting code-signing certificates in various underground marketplace. Hackers price these certificates at between $600-$900 depending on the issuing company. Code-signing certificates issued by Comodo, Thawte DigiCert and GoDaddy – firms well known for supplying digital credentials to legitimate software developers – are among those on offer. Security experts from Tripwire and CertiVox have the following comments on it.