Kaspersky detects malware spread by fake security certificates
Kaspersky detects malware spread by fake security certificates

Kaspersky researchers have discovered a new way for hackers to spread malware. Researchers say digital criminals are spreading their malware online under the guise of fake security certificates. When the user tries to access the program, a window appears on the website warning the user that the website's security certificate is out of date and thus infects the program. The connection can only be created and opened by downloading and installing a new certificate on a computer. However, the malware on the victim's computer is downloaded to the device.

To date, two types of Trojans have been downloaded as a result of this attack: Mokes and Buerak, the first providing hidden access through the victim's computer back port, while the latter downloading other malware onto the affected device.

The back port is a very dangerous malware because the attacker's functionality allows it to control an affected system for sabotage purposes, especially since users cannot assume it is a device.

In the past, cyber criminals have used official app updates to spread malware, but the use of fake security certificates was a new thing that Kaspersky researchers noticed for the first time this year.

According to Kaspersky Security experts (Victoria Vasova), the risk of such attacks has increased on official websites. Part of the severity of this method is that the addresses listed in the fake window are the site's alarm (the original URL). She said on the web: "This makes the user feel safe and invites him to install a recommended certificate so they can see what they want. However, we always invite users. Be very careful when ordering content from an online source, be careful, this may not be Is the case. "

Kaspersky Internet Security products successfully detect and prevent this threat.

Kaspersky recommends that users do the following to avoid downloading potentially harmful software to their devices:
  • Check the words on the website and enter the company name.
  • Instead of clicking a link, enter the website address manually into your browser.
  • Use security solutions like Kaspersky Total Security to protect yourself from digital threats.

Related Topics :

Post a Comment

Previous Post Next Post