Hackers somehow got their rootkit a Microsoft-issued digital signature

Cybersecurity researchers at Bitdefender have detailed how cyber criminals have been using FiveSys, a rootkit that somehow made its way through the driver certification process to be digitally signed by Microsoft.  

The valid signature enables the rootkit – malicious software that allows cyber criminals to access and control infected computers – to appear valid and bypass operating systems restrictions and gain what researchers describe as “virtually unlimited privileges”. 

It’s known for cyber criminals to use stolen digital certificates, but in this case, they’ve managed to acquire a valid one. It’s a still a mystery how cyber criminals were able to get hold of a valid certificate. 

“Chances is that it was submitted for validation and somehow it got through the checks. While the digital signing requirements detect and stop most of the rootkits, they are not foolproof,” Bogdan Botezatu, director of threat research and reporting at Bitdefender told ZDNet. 

It’s uncertain how FiveSys is actually distributed, but researchers believe that it’s bundled with cracked software downloads

SEE: A winning strategy for cybersecurity (ZDNet special report) 

Once installed, FiveSys rootkit redirects internet traffic to a proxy server, which it does by installing a custom root certificate so that the browser won’t warn about the unknown identity of the proxy. This also

Read More: https://www.zdnet.com/article/hackers-somehow-got-their-rootkit-a-microsoft-issued-digital-signature/#ftag=RSSbaffb68