Mac Developer: To bypass code-signing checks, malware gang steals lots of certificates | Ars Technica
To bypass code-signing checks, malware gang steals lots of certificates | Ars Technica "There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
Since 2014, the group has used no fewer than nine separate signing certificates from nine separate companies to digitally sign its hacking wares, according to a blog post published Tuesday by security firm Symantec.
Probably the only thing worse than "no security" is the illusion of security.
Labels: app security, codesigning