digital certificates Archives

Tech Optimizer

September 22, 2025

Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD

Cybersecurity researchers have identified a sophisticated Remote Access Trojan (RAT) being marketed as a fully undetectable alternative to the legitimate ScreenConnect remote access solution. This malware evades security measures like Google Chrome and Windows SmartScreen by bundling itself with valid Extended Validation (EV) certificates, allowing it to appear legitimate and evade detection. The RAT employs a comprehensive evasion toolkit, including antibot mechanisms and cloaked landing pages, to mislead automated security scanners while delivering malicious payloads. It utilizes fileless execution techniques via PowerShell commands, enabling it to operate without leaving traditional file traces. The malware provides attackers with real-time control over compromised systems, facilitating data exfiltration and system manipulation. The sales strategy of the threat actors indicates a mature cybercrime-as-a-service model, with the tool marketed as a "FUD loader" for establishing persistent access before deploying secondary payloads. This trend highlights an increasing focus on exploiting user trust in legitimate brands and undermining security technologies, particularly through the use of valid EV certificates. Security professionals are warned to expect more instances of brand impersonation and sophisticated evasion techniques.

Tech Optimizer

September 13, 2025

Researchers Uncover Undetectable Malware Draining Crypto Browser Wallets

A new strain of malware called ModStealer has emerged, capable of evading antivirus detection while targeting cryptocurrency wallets on Windows, Linux, and macOS. It has reportedly gone undetected by major antivirus engines for nearly a month and is being disseminated through deceptive job recruitment ads aimed at developers. ModStealer scans for browser-based cryptocurrency wallet extensions, system credentials, and digital certificates, exfiltrating the data to remote Command and Control servers. On macOS, it uses a persistence method to run automatically at startup, disguising itself as a benign program. It combines persistence with strong obfuscation techniques, making it resilient against traditional security measures. The malware poses significant risks to cryptocurrency users and platforms, with potential compromises of private keys and wallet data leading to asset losses and large-scale exploits.

Tech Optimizer

September 12, 2025

Modstealer malware bypasses antivirus, targets crypto wallets

A newly identified strain of malware called ModStealer can bypass antivirus protections to steal data from cryptocurrency wallets on Windows, Linux, and macOS. It operated undetected for nearly a month, infiltrating systems through misleading job advertisements targeting software developers. ModStealer has multi-platform support and a stealthy execution chain, allowing it to launch simultaneous attacks across various operating systems. Upon execution, it scans for browser-based cryptocurrency wallet extensions, system credentials, and digital certificates. On macOS, it disguises itself as a background helper program to ensure continuous operation. Indicators of potential ModStealer infections include a hidden file named “.sysupdater.dat,” outbound connections to suspicious servers, unexpected background processes, unusual behavior from wallet extensions, and unauthorized access attempts to digital certificates. The malware poses significant risks to individual users by compromising private keys and seed phrases, and it could lead to large-scale thefts in the cryptocurrency industry. To protect against ModStealer, users are advised to use hardware wallets, enable multi-factor authentication, update antivirus software, avoid suspicious job ads, monitor startup processes, back up seed phrases offline, and use separate devices for transactions.

Winsage

August 14, 2025

Microsoft confirms CertificateServicesClient error in Windows 11 24H2, but you can ignore it

Users of Windows 11 24H2 may encounter an error message related to the CertificateServicesClient following the installation of the July 2025 non-security preview update and subsequent updates, including the August 2025 security patch. Microsoft has acknowledged that users might see an entry in the Event Viewer logs with Error ID 57, stating: “The ‘Microsoft Pluton Cryptographic Provider’ provider was not loaded because initialization failed.” This error does not affect active applications and is considered a false positive. Microsoft recognized this bug on August 11, but it could not be addressed before the mandatory Patch Tuesday update on August 12, leading to a broader impact on devices. Additionally, users have reported a separate issue causing a Blue Screen of Death (BSOD) in VR gaming after repeated update reinstalls. Another issue involved the SgrmBroker service, which failed to start and generated unnecessary logs, but does not disrupt other system functions. The August 2025 Update has also introduced installation errors.