Malware signed with stolen digital certs from gaming companies

A rash of breaches at companies that develop online video games has resulted in digital certificates being stolen from those companies and used in attacks targeting other industries and political activists. At least 35 game development companies have been hacked in the last year and a half by the so-called Winnti group, with one of the primary goals being to steal their digital certificates for use in other attacks. The digital certificate helped the hackers steal credentials for more than 35 million accounts on the gaming/social networking sites.

Takeaway: The use of compromised legitimate digital certificates to sign malware has been a popular hacking technique ever since the Stuxnet worm was exposed in 2010. The attackers behind Stuxnet, believed to be in the U.S. and Israel, used a legitimate digital certificate stolen from the Realtek company in Taiwan to sign a driver used in their attack, which targeted the uranium enrichment program in Iran.