Researcher hides stealthy malware inside legitimate digitally signed files

Posted on 05-08-2016 , by: admin , in , 0 Comments

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.

The attack method, developed by Tom Nipravsky, a researcher with cybersecurity firm Deep Instinct, might prove to be a valuable tool for criminals and espionage groups in the future, allowing them to get malware past antivirus scanners and other security products.

The first part of Nipravsky’s research, which was presented at the Black Hat security conference in Las Vegas this week, has to do with file steganography — the practice of hiding data inside a legitimate file.

While malware authors have hidden malicious code or malware configuration data inside pictures in the past, Nipravsky’s technique stands out because it allows them to do the same thing with digitally signed files. That’s significant because the whole point of digitally signing a file is to guarantee that it comes from a particular developer and hasn’t been altered en route.