
This article was published on December 9, 2014


Malware reportedly spotted in the wild using Sony’s security certificate

Story by

Owen Williams

Former TNW employee

Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

After Sony’s passwords and security certificates leaked in plain text, we’ve now reportedly seen the first piece of malware in the wild sporting Sony’s stolen security certificate.

Kaspersky Labs reports that a new piece of malware called ‘Destover’, compiled on December 5th, uses Sony’s security certificate to attack some Windows machines.

Sony’s security certificates are trusted by some security solutions by default, meaning that computers are more likely to be infected without detection. VirusTotal’s detection page notes that the malware is picked up by antivirus software around 65% of the time.

It’s not entirely clear what the ‘Destover’ malware does, but Kaspersky says that it contains two backdoors that connect to remote IP addresses for instructions.

Kaspersky Labs says it has reported the security certificates to numerous certificate authorities and hopes that they will be blacklisted soon.

➤ Malware Now Digitally Signed by Sony Certificates [Securelist]