• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   cybercriminal underground

Understanding Code Signing Abuse in Malware Campaigns
  • Posted on:April 5, 2018 at 1:00 am
  • Posted in:Malware
  • Author:
    Trend Micro Forward-Looking Threat Research Team
0

Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.

Code signing is the practice of cryptographically signing software with the intent of giving the operating system (like Windows) an efficient and precise way to discriminate between a legitimate application (like an installer for Microsoft Office) and malicious software. All modern operating systems and browsers automatically verify signatures by means of the concept of a certificate chain.

Valid certificates are issued or signed by trusted certification authorities (CAs), which are backed up by parent CAs. This mechanism relies entirely and strictly on the concept of trust. We assume that malware operators are, by definition, untrustworthy entities. Supposedly, these untrustworthy entities have no access to valid certificates. However, our analysis shows that is not the case.

Read More
Tags: code signingcybercriminal undergroundMalware

Out in the Open: Accessibility in the North American Underground
  • Posted on:December 7, 2015 at 5:48 am
  • Posted in:Bad Sites, Deep Web, Malware
  • Author:
    Stephen Hilt and Kyle Wilhoit (Senior Threat Researchers)
0

In our exploration of the different cybercriminal underground markets, we often note that these black markets are often hard to infiltrate, or even find in the first place. It takes a specific set of skills and knowledge to be able to get inside these underground economies. But not the North American underground. Unlike its counterparts…

Read More
Tags: cybercriminal undergroundDeep Webdrugsfake documentslaw enforcement

Prototype Nation: Emerging Innovations in Cybercriminal China
  • Posted on:November 23, 2015 at 4:57 am
  • Posted in:Malware
  • Author:
    Lion Gu (Senior Threat Researcher)
0

Cybercrime doesn’t wait for anything or anyone. Two years after publishing our last report on the wares and services traded in the bustling Chinese underground, we found that the market’s operations have further expanded. From traditional malware, Chinese cybercriminals are now looking toward newer innovations and technologies to boost their operations. The Chinese underground now…

Read More
Tags: ATM skimmerblack marketChinese cybercrimeChinese undergroundCUEScybercrimecybercriminal undergroundcybercriminal underground economy seriesPOS

Attack of the Solo Cybercriminals – Frapstar in Canada
  • Posted on:May 26, 2015 at 8:08 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

By now cybercrime has become the fastest growing criminal enterprise of the 21st century, run by efficient organizations with great professionalism. Today, news headlines are mostly about large-scale breaches orchestrated by large criminal syndicates. But smaller one-man operations can be equally devastating to the unwitting home users and businesses. This reminds us that cyber criminals…

Read More
Tags: canadacardingcybercrimecybercriminal undergroundinformation theftZeuS

Tracking Activity in the Chinese Mobile Underground
  • Posted on:November 13, 2014 at 4:04 pm
  • Posted in:Mobile
  • Author:
    Lion Gu (Senior Threat Researcher)
0

We first lifted the veil on activities in the Chinese cybercriminal underground in 2012. Since then, we have continually reported about notable changes or activity found in this black market. A few months ago, we noted that the Chinese underground has continued to grow, as the cost of connectivity and hardware continues to fall, and…

Read More
Tags: AVARChinese undergroundcybercriminal undergroundMobile
Page 1 of 212

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
  • ChessMaster Adds Updated Tools to Its Arsenal
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.