OREANDA-NEWS.  According to Kaspersky Lab the number of untrusted certificates used to sign malicious software doubled in the last year. By the end of 2014 the Company’s anti-virus database included more than 6,000 of these certificates. Considering the growing amount of threats related to signing malicious files, our experts advise system administrators and users not to trust digital signatures without question and not to allow signed files to launch purely on the strength of the signature.

"Virus writers steal and imitate valid signatures to reassure the users and anti-virus solutions that the file is safe. Kaspersky Lab has seen this technique used by advanced persistent threat actors for several years,” said Andrey Ladikov, Head of Strategic Research at Kaspersky Lab.

For example, the notorious Stuxnet worm used certificates stolen from Realtek and JMicron. Also, the Winnti gang stole certificates  from compromised gaming companies and re-used them in new attacks. Moreover, there are examples of the same certificates being used in attacks launched by other groups of Chinese hackers, suggesting the existence of an underground market. The Darkhotel crew usually signed its backdoors with digital certificates and apparently had access to the secret keys needed to create fake certificates.