Industry News

Digital Code Signing Certificates Are Priciest Goods on the Dark Web

Recent investigations have revealed that valid software code signing certificates are in high demand on the Dark Web, outpricing stolen credit card data, fake passports, and even guns. Threat actors could abuse these valid, but stolen, certificates, which are implicitly trusted by the operating system, to install malware on victim PCs without triggering any bells and whistles.

With bids as high as $1,200 for a single certificate, researchers believe this trend could undermine the entire authentication system the internet is based on. Besides using these certificates to plant malware, they could be used to perform man-in-the-middle attacks, impersonate legitimate websites and, ultimately, to exfiltrate sensitive data.

“We’ve known for a number of years that cybercriminals actively seek code signing certificates to distribute malware through computers,” said Peter Warren, chairman of the CSRI. “The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.”

Malware developers have long bundled valid code signing certificates with malware to infiltrate victims’ systems, with the promise of installing (rogue) security solutions or PC optimization software. As stolen certificates are difficult to identify and tag as malicious unless the party from who they were stolen from reports the incident, companies can be caught off guard and exposed to risks.

Consequently, any organization with certificates that may have been compromised, must contact their certification authority (CA) and update their certificate revocation list (CRL) with the stolen certificates.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.