Emsisoft Says Hackers Are Spoofing Its Certificates

Experts from the information security company Emsisoft have warned that attackers are spoofing code-signing certificates to pose as Emsisoft. The attackers target customers who use the company's products, hoping to bypass their protection.

Let me remind you that we also wrote that antivirus solution provider Emsisoft reported a data leak, and we did a review: Emsisoft Anti-Malware Review 2022 – Is It Any Good?

Emsisoft says in its security bulletin that one of its customers was recently targeted by hackers who used an executable signed with a fake Emsisoft certificate.

"We recently observed an incident in which a fake code-signing certificate purporting to be from Emsisoft was used to cover up a targeted attack against one of our customers. This organization was using our products, and the attackers’ goal was to force the organization to allow the application that the attackers had installed and intended to use by writing off its detection as a false positive," Emsisoft said.

Although the attack failed and Emsisoft software blocked the hackers’ file due to an invalid signature, the company warns customers to be vigilant against such attacks.

According to Emsisoft experts, the attackers probably gained initial access to the compromised client device either by brute-forcing RDP or by using stolen credentials belonging to an employee of the attacked organization.

Once they gained access, the attackers attempted to install the legitimate open source MeshCentral application for remote access, which is usually trusted by security solutions. However, the MeshCentral executable in this case was signed with a fake Emsisoft certificate claiming to be issued by a “trusted Emsisoft Server network CA”.

As a result, the Emsisoft software scanned the file, but marked it as “Unknown” due to an invalid signature and placed it in quarantine.

It is noted that if an employee of the target company had treated this warning as a false positive, they could have allowed the application to run, and the attackers could have gained full access to the device.
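A triage check for the situation described above, as an added example that is not from Emsisoft or the original article: before allowlisting a quarantined file, confirm that Windows validates the Authenticode chain instead of relying on the vendor name written in the certificate. The function name `Test-VendorSignatureClaim`, the verdict labels and the sample file are assumptions made for illustration.

```powershell
# Added example: classify a file by whether its Authenticode chain validates,
# not by the vendor name typed into the certificate fields.
function Test-VendorSignatureClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,

        # Vendor string to look for in the certificate (assumption: substring match).
        [Parameter(Mandatory)]
        [string]$VendorName
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        # Does the certificate merely claim the vendor in its subject or issuer?
        $claimsVendor = $false
        if ($cert) {
            $needle = [regex]::Escape($VendorName)
            $claimsVendor = ($cert.Subject -match $needle) -or ($cert.Issuer -match $needle)
        }

        $verdict = if ($sig.Status -eq 'Valid') {
            # Hash matches and the chain ends in a trusted root. Still compare the
            # publisher and thumbprint with what the vendor actually ships.
            'ChainValid'
        } elseif ($claimsVendor) {
            # Vendor name present but the chain is not trusted: handle as
            # impersonation and escalate; do not allowlist as a false positive.
            'VendorNameOnUntrustedSignature'
        } elseif ($sig.Status -eq 'NotSigned') {
            'Unsigned'
        } else {
            'InvalidSignature'
        }

        [pscustomobject]@{
            Path       = $Path
            Status     = $sig.Status
            Issuer     = if ($cert) { $cert.Issuer } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Verdict    = $verdict
        }
    }
}

# Usage on a file present on any Windows host (stand-in for a quarantined sample).
Test-VendorSignatureClaim -Path "$env:SystemRoot\System32\notepad.exe" -VendorName 'Emsisoft'
```

The function also accepts `Get-ChildItem` output on the pipeline, so a whole folder of exported quarantine items can be reviewed in one pass.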

"This incident demonstrates that organizations need to have multiple layers of protection, so that if the attack could not be blocked at one level, it was done at another level," Emsisoft says.

Let me also remind you that the media reported that Emsisoft Released a Free Tool to Decrypt Data Corrupted by AstraLocker and Yashma.

About The Author
Vladimir Krasnogolovy