A malicious program disguised as a PDF-document that is sent to users via email.
The MalwareBytes company’s specialists have found banking Trojan that steals passwords, signed by a valid digital certificate issued by DigiCert.
DigiCert representatives confirm a certificate, but claim that it was issued to legally registered companies Buster Paper Comercial Ltda. Licenses are issued in accordance with the guidelines of the digital industry. With the use of certificates from DigiCert clear that they do not apply to malware. Once in DigiCert learned about the illegal activities associated with the certificate, it immediately recalled.
Detected by MalwareBytes malware disguised as a PDF-document, which is sent to the victims alleged in the letter mail and supposedly contains the invoice. As conceived by intruders, a file format will force users to open it, after which the program is installed on a PC keylogger, Steals banking credentials.
Additional elements of the Trojan downloaded to the device users from the site egnyte.com. The website administration has confirmed that one of the users are really stored in the resource malicious program, which can be shared with others. Subsequently account holder trojan was blocked, and the notification of the incident was sent to the organization of IC3, which is working with the FBI in the field of information security.
Details of the MalwareBytes report can be found here .