Researchers Hide Malware Inside Digitally Signed Executables
“Cybercriminals can pack malware into digitally signed executables without breaking the signature, thus avoiding anti-virus detection, researchers say.
In a whitepaper presented at Black Hat USA 2016, Deep Instinct researchers reveal that it is possible to hide a malicious file with the ability to be executed within a file without breaking the normal PE (packed executable) execution (basically, without encrypting the main sections of the file).
Malware authors are constantly seeking means to evade detection and prevention solutions, and they frequently use packers and encryption techniques for that, because security solutions are efficient only if they can unpack the compressed or encrypted malicious content. Packed and encrypted files can be identified both on disk and during execution, but the researchers say that their newly discovered technique prevents that.”