Security News > 2022 > January > ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification

Threat actors are exploiting Microsoft's digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found.

Researchers at Check Point Research discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday.

"What we found was a new ZLoader campaign exploiting Microsoft's digital signature verification to steal sensitive information of users," warned Kobi Eisenkraft, a malware researcher at CPR. "People need to know that they can't immediately trust a file's digital signature."

For its part, Malsmoke previously used ZLoader to target people visiting adult pornography sites in November 2020 in a campaign that delivered the trojan through fake Java updates.

Dll as the parameter - which appears to be a Microsoft trusted file - to deliver the payload. "The file appContast.dll is signed by Microsoft, even though more information has been added to the end of the file," according to the report.

CPR advises that Microsoft users apply the company's update for strict Authenticode verification immediately to avoid falling victim to the campaign, especially since "It is not applied by default," Eisenkraft warned.

News URL

https://threatpost.com/malsmoke-microsoft-e-signature-verification/177363/