No longer just a spy game
Malware that is signed with compromised certificates creates a means for hackers to bypass system protection mechanisms based on code signing.
The tactic extends far beyond high-profile cyber-spying ops, such as the Stuxnet attack against Iranian nuclear processing facilities or the recent CCleaner-tainted downloads infection.
Security researchers at the University of Maryland found 72 compromised certificates after analysing field data collected by Symantec on 11 million hosts worldwide.
"Most of these cases were not previously known, and two-thirds of the malware samples signed with these 72 certificates are still valid; the signature check does not produce any errors," Tudor Dumitras, one of the researchers, told El Reg.
"Certificate compromise appears to have been common in the wild before Stuxnet, and not restricted to advanced threats developed by nation-states.
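The point Dumitras makes above is that a signature made with a stolen key verifies cleanly, so a check that stops at "signature valid" learns nothing about whether the signer can still be trusted. The following is an added illustration, not code from the article or from the Maryland study: a toy textbook-RSA signer with constructed parameters (p=61, q=53, so not real cryptography), and a verification policy that additionally consults a revocation list and a blocklist of known-compromised signer thumbprints. The certificate thumbprints, the publisher name and the sample "binaries" are all constructed placeholders.

```python
"""Added example: why 'signature verifies' is not 'signer trustworthy'.

Toy textbook RSA with tiny constructed parameters. It exists only to show
the math behaving identically for a legitimate build and for malware signed
with the same (stolen) key; it is not a usable signature scheme."""
import hashlib
from dataclasses import dataclass

# Constructed toy keypair: p=61, q=53 -> n=3233, phi=3120, e=17, d=2753.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753


def _digest_int(data: bytes, n: int) -> int:
    """SHA-256 the payload and reduce into Z_n so the toy RSA can sign it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, d: int = TOY_D, n: int = TOY_N) -> int:
    """Produce a toy RSA signature over the payload digest."""
    return pow(_digest_int(data, n), d, n)


def signature_valid(data: bytes, sig: int, e: int, n: int) -> bool:
    """Pure mathematical check: does the signature match the payload?"""
    return pow(sig, e, n) == _digest_int(data, n)


@dataclass(frozen=True)
class Certificate:
    thumbprint: str          # constructed placeholder, not a real cert hash
    subject: str
    public_key: tuple        # (e, n)


@dataclass(frozen=True)
class TrustDecision:
    trusted: bool
    reason: str


def evaluate(data: bytes, sig: int, cert: Certificate,
             revoked: set, compromised: set) -> TrustDecision:
    """Defender-side policy: a valid signature is necessary, not sufficient.

    revoked:     thumbprints the issuing CA has revoked
    compromised: thumbprints your own intel says were used to sign malware
    """
    e, n = cert.public_key
    if not signature_valid(data, sig, e, n):
        return TrustDecision(False, "signature invalid")
    if cert.thumbprint in revoked:
        return TrustDecision(False, "certificate revoked by issuer")
    if cert.thumbprint in compromised:
        return TrustDecision(False, "signer on compromised-certificate blocklist")
    return TrustDecision(True, "signature valid and signer not flagged")


# Constructed scenario: one publisher certificate, its key later stolen.
PUBLISHER_CERT = Certificate(
    thumbprint="PLACEHOLDER-THUMBPRINT-0001",
    subject="CN=Example Software Vendor (constructed)",
    public_key=(TOY_E, TOY_N),
)
LEGIT_BUILD = b"constructed: legitimate installer bytes"
MALWARE = b"constructed: malicious payload signed with the stolen key"


def demo() -> dict:
    """Run the scenario and return the decisions at each stage."""
    legit_sig = sign(LEGIT_BUILD)
    malware_sig = sign(MALWARE)          # attacker holds the same private key

    # Stage 1: nobody knows yet. Both samples pass a signature-only check.
    naive = {
        "legit": signature_valid(LEGIT_BUILD, legit_sig, TOY_E, TOY_N),
        "malware": signature_valid(MALWARE, malware_sig, TOY_E, TOY_N),
    }
    before = evaluate(MALWARE, malware_sig, PUBLISHER_CERT, set(), set())

    # Stage 2: the thumbprint lands on a blocklist (or the CA revokes it).
    compromised = {PUBLISHER_CERT.thumbprint}
    after = evaluate(MALWARE, malware_sig, PUBLISHER_CERT, set(), compromised)
    legit_after = evaluate(LEGIT_BUILD, legit_sig, PUBLISHER_CERT, set(), compromised)

    return {"naive": naive, "before": before, "after": after,
            "legit_after": legit_after}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(f"{stage}: {result}")
```

Note the last result in `demo()`: once the thumbprint is blocklisted, the vendor's genuine build is rejected too, because the policy cannot distinguish it from the malware by signature alone. That collateral rejection is the real-world cost of certificate compromise and the reason the decision belongs in a central policy rather than in each signature check.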