Microsoft has disrupted an online service accused of selling fake code-signing certificates used by ransomware groups to make malware appear legitimate.
News Content
Microsoft has taken action against an online cybercriminal service known as Fox Tempest, which was reportedly selling fake code-signing certificates to ransomware groups.
According to reports, these certificates were used to make malicious software appear trusted, helping attackers bypass security controls and make their malware look like legitimate software.
The operation was carried out with legal support, allowing Microsoft to seize domains, websites, and cloud resources linked to the activity. Microsoft said the group was connected to the creation of more than 1,000 fake certificates and hundreds of related cloud accounts.
Code-signing certificates are normally used by software developers to prove that an application is trusted and has not been modified. When abused by attackers, they can help malware avoid detection and increase the chances of successful infection.
The takedown is considered an important step against ransomware infrastructure, but Microsoft warned that cybercriminals are likely to continue looking for new ways to abuse digital trust systems.
Source: Axios / Microsoft reporting.