Cybercriminals are siding with the idea that more is better when it comes to piling on digital security certificates to their malware with the hope that the targeted computer will deem the malicious code safe.
The impetus behind this action is the discontinuation of use of the SHA1 algorithm, Symantec reported in a blog. With Microsoft halting SHA1 support as of Jan. 1, 2016, organizations shifted to using SHA2. So, Symantec noted, criminals are now placing both with their malware – with SHA1 listed as the primary certificate and SHA2 as the backup.
“One benefit is that multiple digital signatures make files seem more legitimate. A second, and perhaps more crucial benefit, is that files signed with multiple digital certificates maintain their signed state even after one of the signatures has been revoked,” Symantec wrote.