Trendmicro Alerts of a digitally signed malware
New malware has been reported by Trendmicro that are using an expired Opera code signing certificate. The malware is detected as TSPY_FAREIT.ACU and it is able to steal sensitive information from FTP clients including usernames, passwords, and server names.
The spyware not only grab information from FTP application but it also collects internet web browsers stored information that users will save during navigating online websites for example social network, banking and commercial website.
Using certificate by cybercriminals aim to trick users on running the malicious software and evade antivirus detection, so a signed malware will be authenticated and trick people to trust running this virus. Many malware brand have used in the past the digital certificate to evade operating system security such as duqu, Stuxnet and flame. Here if the victim has not the appropriate security software on local computer all sensitive information is going to be sent to remote attackers.
According to Opera “It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.”
you can read TrendMicro blog entry on the following link.