Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    CONSPRCY    |    How big is your tinfoil hat?    |    2,445 messages    |
|    Message 926 of 2,445    |
|    Mike Powell to All    |
|    Key trusted MS platform e    |
|    25 Mar 25 08:47:00    |
TZUTC: -0500
MSGID: 646.consprcy@1:2320/105 2c47f1da
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

Key trusted Microsoft platform exploited to enable malware, experts warn

Date: Mon, 24 Mar 2025 15:26:00 +0000

FULL STORY

Cybersecurity experts have warned Trusted Signing, Microsoft's code-signing platform, is being abused to grant malware certificates and help it bypass endpoint protection and antivirus programs.

Certificates are digital credentials that verify the authenticity, integrity, and security of software. They use cryptographic keys to establish secure communications and prevent tampering or impersonation, and are considered crucial for encrypting sensitive data, ensuring secure transactions, and maintaining user trust. In software development, code-signing certificates validate that an application has not been altered after release.

Microsoft describes Trusted Signing as a fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers more easily build and distribute applications.

Lumma Stealer and others

However, BleepingComputer reports multiple researchers observing threat actors using Trusted Signing to sign their malware with short-lived, three-day code-signing certificates.

Software signed this way will remain valid until the certificate is revoked, which suggests that the malware could successfully bypass security solutions for a lot longer.

The malware samples they analyzed were signed by "Microsoft ID Verified CS EOC CA 01," it was said.

Among the campaigns abusing Microsoft are Crazy Evil Traffers crypto heist, and Lumma Stealer.

One of the ways Microsoft seems to be tackling this issue is to only allow certificates to be issued under the name of a company that's been operational for at least three years.

However, individuals can sign up and get faster approval, if the certificate is issued under their name.

Microsoft says it is constantly monitoring the landscape and revoking certificates that were found to have been abused.

"When we detect threats we immediately mitigate with actions such as broad certificate revocation and account suspension. The malware samples you shared are detected by our antimalware products and we have already taken action to revoke the certificates and prevent further account abuse," the company noted.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/key-trusted-microsoft-platform-exploited-to-enable-malware-experts-warn

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426
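
Added example, not part of the original message or of any Microsoft tooling: a PowerShell inventory of files whose Authenticode signer certificate was issued by the CA named in the story and has a validity window of about three days. The folder, extension list and day threshold are assumptions; a hit is a lead for review, since legitimate developers use the same service.

```powershell
# Added example: list signed files whose signer certificate chains to the
# issuer named in the story and was only valid for a few days.
# $Root, $MaxDays and the extension list are assumptions; adjust to your estate.
param(
    [string]$Root    = "$env:USERPROFILE\Downloads",
    [string]$Issuer  = 'Microsoft ID Verified CS EOC CA 01',
    [int]   $MaxDays = 3
)

Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
    $cert = $sig.SignerCertificate
    if (-not $cert) { return }                           # unsigned: skip

    # Keep only certificates issued by the CA quoted in the article.
    if ($cert.Issuer -notlike "*CN=$Issuer*") { return }

    # Keep only short-lived certificates (three days in the reported cases).
    $lifetimeDays = ($cert.NotAfter - $cert.NotBefore).TotalDays
    if ($lifetimeDays -gt $MaxDays) { return }

    [pscustomobject]@{
        Path         = $_.FullName
        # 'Valid' together with CertExpired = True and Timestamped = True is
        # the case the story describes: the certificate has lapsed, but the
        # timestamped signature is still accepted until it is revoked.
        Status       = $sig.Status
        CertExpired  = $cert.NotAfter -lt (Get-Date)
        Timestamped  = [bool]$sig.TimeStamperCertificate
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        NotBefore    = $cert.NotBefore
        NotAfter     = $cert.NotAfter
        LifetimeDays = [math]::Round($lifetimeDays, 2)
        SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}
```

The Subject and Thumbprint columns identify the individual signing certificate, which is the value to check against revocation and to report if the file turns out to be malicious.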
(c) 1994, bbs@darkrealms.ca