firefax a day ago

>In this attack, it redirects to a Secret Blizzard-controlled domain that likely displays a certificate validation error and gets the user to download and execute ApolloShadow. If the device isn't running on default admin settings, the user is presented with a pop-up window that tells them to download fake certificates, named CertificateDB[.]exe, which gives the attackers elevated privileges.

While this is certainly troubling, it's at its heart a phishing message.

It sounds like if you don't get tricked into installing weird Russian certificates, your HTTPS traffic can travel unmolested.

Twenty years ago, they'd have been snarfing up passwords sent in the clear and redirecting without a single warning to the user -- the fact they use this technique shows that the encryption and integrity checks present in modern TLS are working as intended.