The main advantage of using a valid certificate is to circumvent security systems, avoid suspicions and integrate with legitimate software.
According to SentinelLabs, the certificate belongs to PMG PTE LTD, Singapore’s Ivacy VPN. Hackers used vulnerable versions of software such as Adobe Creative Cloud and Microsoft Edge to distribute malware to target systems.
Note that the same certificate is used to sign the official Ivacy VPN installer. This may indicate that the company’s signature key has been stolen. This is a typical tactic of Chinese hackers.
If the certificate was indeed stolen, security researchers worry about what other information the attackers might have accessed.
At this time PMG PTE LTD has not made an official comment on this matter.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
