A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.
Code-signing certificates are digital credentials used to sign an application so that users, software, and operating systems can verify that the software has not been tampered with since the publisher signed it.
Threat actors attempt to take advantage of this by creating fake certificates whose names appear to be associated with a trustworthy entity but which are, in reality, not valid certificates.
In a new security advisory, Emsisoft warned that one of its customers was targeted by hackers using an executable signed by a spoofed Emsisoft certificate. The company believes this was done to trick the customer into thinking any detections were false positives and into allowing the program to run.
“We recently observed an incident in which a fake code-signing certificate supposedly belonging to Emsisoft was used in an attempt to obfuscate a targeted attack against one of our customers,” said Emsisoft in the security advisory.
“The organization in question used our products and the attacker’s aim was to get that organization to allow an application the threat actor installed and intended to use by making its detection appear to be a false-positive.”
While the attack failed, and Emsisoft’s security software blocked the file due to the invalid signature, the company is warning its customers to stay vigilant against similar attacks.
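The check that defeats this trick is to judge a file by whether its signature validates, not by the publisher name shown in the certificate. The PowerShell function below is an added example, not Emsisoft's code or part of its advisory; the function name `Test-SignerImpersonation`, the `-ExpectedPublisher` parameter and the sample folder in the closing comment are assumptions made for illustration.

```powershell
# Added example: triage Authenticode signatures by validation status, not signer name.
function Test-SignerImpersonation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,

        # Publisher name an analyst might be shown in the file properties (assumed value)
        [string]$ExpectedPublisher = 'Emsisoft'
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        # Subject is only a text field inside the certificate; anyone can put any name in it.
        $subject     = if ($cert) { $cert.Subject } else { '' }
        $nameMatches = $subject -like "*$ExpectedPublisher*"

        # 'Valid' means the file hash matches the signature and the chain is trusted
        # on this machine. Every other status must be treated as untrusted.
        $isValid = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

        $verdict = if (-not $cert) {
            'Unsigned'
        } elseif ($isValid) {
            'SignatureValid'          # proves who signed it, not that it is benign
        } elseif ($nameMatches) {
            'NameMatchesButInvalid'   # the pattern described in the advisory: do not allowlist
        } else {
            'SignatureInvalid'
        }

        [pscustomobject]@{
            Path          = $Path
            Status        = $sig.Status
            StatusMessage = $sig.StatusMessage
            Subject       = $subject
            Issuer        = if ($cert) { $cert.Issuer } else { '' }
            Thumbprint    = if ($cert) { $cert.Thumbprint } else { '' }
            Verdict       = $verdict
        }
    }
}

# Example run over a folder of flagged files (constructed path):
# Get-ChildItem 'C:\Quarantine' -Filter *.exe | Test-SignerImpersonation | Format-List
```

A `NameMatchesButInvalid` verdict is the case to escalate rather than dismiss as a false positive.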