Hackers use VPN provider's code certificate to sign malware

The China-aligned APT group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.
According to SentinelLabs, which analyzed the campaign, the certificate belongs to PMG PTE LTD, a Singaporean vendor of the VPN product 'Ivacy VPN'.
Exe malware sample was first found by security researcher MalwareHunterTeam in May when they noted that the code-signing certificate was the same as one used for official Ivacy VPN installers.
An intriguing aspect of the observed attacks is the use of a code-signing certificate that belongs to PMG PTE LTD, the firm behind Ivacy VPN. In fact, the same certificate is used to sign the official Ivacy VPN installer linked to from the VPN provider's website.
If the certificate was stolen, security researchers are concerned about what else the threat actors had access to at the VPN provider.
PMG PTE LTD has not responded to this disclosure with a public statement, so the exact means by which the hackers gained access to the certificate remain unclear.