After Sony’s passwords and security certificates leaked in plain text, we’ve now reportedly seen the first piece of malware in the wild sporting Sony’s stolen security certificate.
Kaspersky Labs reports that a new piece of malware called ‘Destover’, compiled on December 5th, uses Sony’s security certificate to attack some Windows machines.
Sony’s security certificates are trusted by some security solutions by default, meaning that computers are more likely to be infected without detection. VirusTotal’s detection page notes that the malware is picked up by antivirus software around 65% of the time.
It’s not entirely clear what the ‘Destover’ malware does, but Kaspersky says that it contains two backdoors that connect to remote IP addresses for instructions.
Kaspersky Labs says it has reported the security certificates to numerous certificate authorities and hopes that they will be blacklisted soon.
➤ Malware Now Digitally Signed by Sony Certificates [Securelist]