It’s not a new thing for hackers to abuse stolen digital code-signing certificates, but the scope and scale of it appears to be much more wide spread than security researchers thought. The University of Maryland found 72 compromised certificates after analyzing field data collected by Symantec on 11 million hosts worldwide. This may not sound like a lot, but most of them were not previously known. Even more interesting is the fact that code-signing certificates are readily available for purchase on the dark web. How secure is the web going to be if this keeps up?



Code-signing certificates are used to verify the authenticity and integrity of computer applications and software. Cyber criminals can take advantage of compromised code-signing certificates to install malware on enterprise networks and consumer devices.

Discussion

Source: [H]ardOCP – Hackers Continue to Abuse Digital Certs