It's been only a month since the Let's Encrypt certificate authority started a beta program to distribute free HTTPS certificates to the public, and hackers started abusing it services for distributing malware through seemingly safe websites.
In December, the company security Trend Micro εντόπισε ορισμένους χρήστες στην Ιαπωνία που είχαν μολυνθεί από ένα κακόβουλο διακομιστή, ο οποίος φιλοforeignin the Angler Exploit Kit. Trojans allowed hackers to gain remote access to infected systems without their owners knowing.
The company reports that malvertisers have used a technique called domain shadowing, with which they can gain access to a trusted domain (such as a bank's main site). This can lead users to their own server, which masks the password-aborting activity.
And to make the deception attempt more believable, they use one subdomains protected with Let's Encrypt's free security certificate (HTTPS).
In the case of the Trend Micro survey, the attackers hosted a malicious ad that seemed to be related to a legitimate domain.
The company says this was possible because Let's Encrypt checks domains against the Google safe browsing API before issuing new certificates. This of course does not stop attackers from obtaining a new certificate and creating subdomains with malware under the protection of a legitimate domain.
According to report of Trend Micro, the incident highlights the potential issues with the Let's Encrypt service and calls for the company to be ready to revoke certificates that have been misused.