Hackers raid Adobe, compromise certificate to sign malware

By

Compromised cert to be revoked.

Hackers have broken into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware.


Adobe expects to revoke the compromised certificate later this week.

Product security and privacy director Brad Arkin said Windows software signed with the impacted certificate plus three Windows and Macintosh Adobe AIR applications would be affected.

"We have strong reason to believe that this issue does not present a general security risk. The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates that the certificate was not used to sign widespread malware."

The company uncovered the breach after coming across two malicious utilities that appeared to be digitally signed with a valid Adobe certificate. It was unclear if the files were used in attacks.

An Adobe spokeswoman said the company had stringent security measures in place to protect its code signing infrastructure.

"The private keys associated with the Adobe code signing certificates were stored in Hardware Security Modules (HSMs) kept in physically secure facilities. We confirmed that the private key associated with the Adobe code signing certificate was not extracted from the HSM."

Arkin said signed samples were typically used in targeted attacks for privilege escalation and lateral movement within an environment after an initial machine compromise.

He said the 'build' server that was compromised was not configured according to Adobe's corporate standards, but that shortfall wasn't caught during the provisioning process.

He added that the affected server did not provide the adversaries with access to any source code for other products, such as the popular Flash Player and Adobe Reader and Acrobat software.

Valid digital certificates being used for illegitimate purposes have become a preferred hacker ploy of late. Most recently, the authors of the Flame virus used rogue Microsoft certs to spread the nefarious malware. Certificate authorities themselves also have been targeted.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
adobecertificateshackingmalwaresecurity

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?