a couple of laughzillas on a blue diamond background

Let’s Encrypt’s free HTTPS certificates are already being used to distribute malware

Jan07
by on January 7, 2016 at 9:17 am
Posted In: Around the Web, HTTPS, Insider, Let's Encrypt, Malware, SSL, Trojan

shutterstock_242734360_encryption
It’s only been a month since certificate authority Let’s Encrypt opened up its beta program to offer free HTTPS certificates to the public, and hackers have already begun abusing the service to distribute malware through seemingly safe domains. In December, security firm Trend Micro spotted users in Japan accessing a malvertising server, which hosted the Angler Exploit Kit that downloaded a banking Trojan onto affected Windows machines automatically. The Trojan allowed hackers to remotely access those systems without users’ knowledge. The company says that the malvertisers used a technique called domain shadowing, in which attackers who have gained access to…

This story continues at The Next Web

└ Tags: ,