This isn’t the first time Sony has been involved with malware, but it might be the first time they were involved without actually knowing about it.
Among the files stolen by Guardians of Peace during their attack on Sony Pictures were hundreds of digital certificates. Though normally certificate revocation is a top priority following a breach like this, it’s been nearly two weeks now and Sony still hasn’t pulled the trigger as of this morning.
The longer certificates like these float around, the more likely it becomes that someone is going to abuse them… and that’s exactly what happened. A sample of the Destover malware — the same malware that was used in the Sony attack — was spotted by Kaspersky researchers bearing a Sony Pictures signature.
Read more: http://www.geek.com/apps/sony-hackers-stole-digital-certificates-which-someone-used-to-sign-malware-1611372/