CertLock Trojan: Upping the Ante on Certificate Attacks

June 12, 2017 | Emil Hanscom

Digital certificates act as identity and access management for machines, just as usernames and passwords protect the security of humans. Because certificates allow machines to communicate securely, they play an essential role in every organization’s digital ecosystem and our global economy. But these high stakes make certificates a lucrative bet for cyber criminals.

We have seen organized cyber crime invest in more and more attacks built around stolen or forged certificates. And now with CertLock, we are seeing a new wave of attacks that specifically target, and take advantage of, the importance of certificates.

In late May, members of a security forum received reports that users could not run or install security programs on their computers. What they saw instead was an alert stating that their publisher had been blocked. The source of the issue was CertLock, a new Trojan that impedes security programs by disallowing their certificates. As a result, CertLock prevented signed installers from running and prevented programs signed with blocked certificates from executing.

While cyber criminals have targeted certificates in the past, CertLock represents a new and troubling stage in certificate-focused security incidents.

“The use of malicious certificates is nothing new: Stuxnet used stolen digital certificates to make sure it was seen as trusted software,” says Kevin Bocek, chief security strategist for Venafi. “Other malware variants, like SuperFish, have allowed cyber criminals to get access to digital certificates so they can look inside of encrypted communications. However, CertLock ups the ante by telling Windows to refuse the digital certificates for security software.”

Researchers are already issuing tools to intercept the CertLock attack, but experts believe certificate attacks will only continue to evolve.
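
A defender-side check for the behaviour described above, as an added example that is not part of the original article and not one of the researchers' tools. It assumes the publisher block is placed in Windows' Untrusted Certificates (Disallowed) stores; the watch-list name and the baseline parameter are hypothetical placeholders.

```powershell
# Added example: list what sits in the Windows Untrusted Certificates (Disallowed) stores.
# Assumption: the publisher block described above is placed in these stores.
function Get-DisallowedCertReport {
    param(
        [string[]]$StorePaths = @('Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'),
        # Hypothetical watch list: name fragments of the security vendors you deploy.
        [string[]]$Publishers = @('Example Security Vendor'),   # constructed placeholder
        # Thumbprints exported from a known-good build of the same image (may be empty).
        [string[]]$BaselineThumbprints = @()
    )
    $codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing extended key usage
    foreach ($path in $StorePaths) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Read the EKU extension directly from the certificate object.
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $isCodeSigning = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid })
            $hit = [bool]($Publishers | Where-Object { $cert.Subject -like "*$_*" })
            [pscustomobject]@{
                Store         = $path
                Thumbprint    = $cert.Thumbprint
                Subject       = $cert.Subject
                NotAfter      = $cert.NotAfter
                CodeSigning   = $isCodeSigning
                WatchListHit  = $hit
                NotInBaseline = $cert.Thumbprint -notin $BaselineThumbprints
            }
        }
    }
}

# Review order: watched publishers first, then entries missing from the baseline.
Get-DisallowedCertReport |
    Sort-Object WatchListHit, NotInBaseline, CodeSigning -Descending |
    Format-Table -AutoSize -Wrap
```

A code-signing certificate of a deployed security product that appears in this report and is absent from the baseline is the condition to investigate.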

“This Trojan should serve as a reminder that every application, code and cloud service is a machine that is identified with a digital certificate,” concludes Bocek. “It’s imperative every organization know all the machine identities in use, and be able to change them on demand, just like we do with usernames and passwords.”


About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
