This week experts at Chronicle published a study on signed malware registered on VirusTotal that states that most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo).
Chronicle’s security researchers have analyzed submissions May 7, 2018, and May 7, 2019 discovering that out of a total of 3,815 signed malware samples, 1,775 were signed using a digital certificate issued by Comodo RSA Code Signing CA.
Experts from Sectigo analyzed the Chronicle’s findings and provided their response. According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company
Below the data provided by Sectigo:
“Unfortunately, recent press reports suggest the incorrect conclusion that Chronicle reported nearly 2000 such certificates for Comodo / Sectigo. Since this story ran, we have investigated all of the certificates attributed to Comodo / Sectigo. More than 90% of these were expired, previously revoked, or duplicate reports.” reads the post published by Sectigo.
The CA confirmed that is still investigating 25 certificates that labeled with “in process” status.
“These reported certificates did not match our records of Code Signing certificates from Comodo / Sectigo during our investigation. We are continuing to investigate these certificates.” reads the CA.
Sectigo encourages Chronicle or other researchers to report any misuse of its public certificates at:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.