Security News > 2020 > March > Fake alerts about outdated security certificates lead to malware

Fake alerts about outdated security certificates lead to malware
2020-03-05 13:38

Cyber criminals have been trying out a new approach for delivering malware: fake alerts about outdated security certificates, complete with an "Install" button pointing to the malware.

The malware peddlers behind this scheme are obviously counting on users not knowing exactly what a security certificate is and that they are not responsible for keeping it updated, as well as exploiting users' desire to keep themselves safe online.

Users who fall for the trick and click on the "Install" button are served with malware.

Malware peddlers have been using fake alerts urging users to download a new version of specific, widely used software for years, but alerts about outdated security certificates are just a new twist on a very old trick.

Kaspersky's warning also comes at a moment when users' chance to see security-certificate-related alerts is higher than usual, as the Let's Encrypt certificate authority started revoking millions of TLS/SSL certificates on Wednesday.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/SPgSQ6-8ZOo/