Malware Developers Bypass Windows Security with OpenSUpdater


Google researchers are warning that attackers are now using a flaw in digital signature handling to bypass security detection on Windows. The OpenSUpdater software uses this new technique.

Malware developers create malformed code signatures that Windows treats as valid, but that the OpenSSL code used in security scanners cannot process, so the malware goes undetected. In short, Windows accepts the signature and OpenSSL rejects it.

This tactic is actively used to push OpenSUpdater, which is classified as a form of riskware and injects ads into victims' browsers. It also installs other malware onto their devices and PCs.

The samples' maliciousness goes unnoticed because OpenSSL-powered security solutions that parse digital signatures reject the signature information as invalid, which disrupts the malware detection process.
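The weak point described above is a scanner that stops analysing a file once its own parser rejects the signature. As an added example (not from the original article or from any vendor's scanner), the code below runs a strict DER structure check over a signature blob and reports "signed but unparsable" as a separate verdict to escalate. The function names, verdict strings and sample bytes are constructed, and it assumes the blob has already been extracted from the file.

```python
# Added example: fail-closed triage of an embedded code-signature blob.
# Assumption: the caller has already extracted the PKCS#7 blob from the file's
# certificate table and passes None when the file carries no signature at all.

def check_tlv(buf, pos, end):
    """Validate one definite-length DER element, recursing into constructed
    ones; return the offset where it ends or raise ValueError."""
    if end - pos < 2:
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag == 0x00 or first == 0x80 or tag & 0x1F == 0x1F:
        raise ValueError("BER-only or unexpected encoding")
    length = first
    if first > 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        if pos + n > end:
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length")
        pos += n
    stop = pos + length
    if stop > end:
        raise ValueError("length overruns enclosing element")
    while tag & 0x20 and pos < stop:      # constructed: children must tile it exactly
        pos = check_tlv(buf, pos, stop)
    return stop

def triage(blob):
    """Return (verdict, reason). A blob the strict parser rejects is a finding
    to escalate, not a reason to stop looking at the file."""
    if blob is None:
        return ("unsigned", "no signature present")
    try:
        stop = check_tlv(blob, 0, len(blob))
    except ValueError as exc:
        return ("signed-but-unparsable", str(exc))
    if any(blob[stop:]):                  # zero padding after the blob is normal
        return ("signed-but-unparsable", "trailing data")
    return ("signed-parsable", "hand to full signature verification")

# Constructed samples (not taken from any real file).
GOOD = bytes.fromhex("300c06032a0304a0053003020101")
BAD = bytes.fromhex("300c06032a0304a0053009020101")   # inner length overruns its parent
```

A "signed-but-unparsable" verdict should raise the file's priority for the rest of the detection pipeline instead of ending analysis.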

Once downloaded, the adware program is impossible to control, and it shows you unwanted ads as you try to browse the web.

Information about these breaches comes from OpenSUpdater samples sent to VirusTotal.