Malware, Network Security

Malware signed with Sony certificate now thought to be researcher prank

Share

Malware that was signed with a Sony certificate hit Kaspersky's radar this week – but it appears a researcher, rather than malicious attackers, signed the malware as a prank.

After publishing its findings Tuesday on the Destover malware sample, Kaspersky updated its blog post on Wednesday once it got word of the “joke.”

Destover, also known as Wipall, is wiper malware that has been compared to other threats, like Shamoon and Jokra, a trojan used in the Dark Seoul attacks last year.

“Reports indicate the ‘researcher' reached out to the certificate authorities to get the certificate revoked after submitting the malware online,” Kaspersky's updated post revealed. On Twitter, security analyst Colin Keigher said that the researcher, “who doesn't want to be named,” found the Sony certificate, “then went and signed the malware” with it, before uploading the sample to VirusTotal.

Malware signed with Sony certificate now thought to be researcher prank

Kaspersky initially thought the malware signature might be the work of malicious attackers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.