Researchers at a cybersecurity firm have uncovered a new malware family they call Spymel. The infected files arrive as attachments to sophisticated phishing emails and, once downloaded and run, begin logging keystrokes and other user activity. The malware evades detection because its files are signed with stolen code-signing certificates, which most systems accept as legitimate.
The malware not only logs activity and sends it to the attacker; it also disables the security tools meant to stop the file from executing.
Notably, within a few days of the compromised certificate being revoked, researchers detected a variant of the malware signed with a second certificate issued to the same company, which suggests that revoking a single certificate did not address the underlying compromise. Jeremy Seth Davis, "Malware using legit certs to avoid detection, surveil users," www.scmagazine.com (Jan. 11, 2016).
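The lesson of the re-signed variant is that a defender who keys a block on one revoked certificate serial will miss the next certificate issued to the same publisher. The following PowerShell script is an added example, not code from the article or from the researchers it cites: it walks a directory, reads each file's Authenticode signature, rebuilds the signer's chain with revocation checking turned on explicitly, and then applies a local publisher blocklist matched against the signer's Subject rather than against a single serial number. The directory path and the blocklist entry are hypothetical placeholders to be replaced with your own values.

```powershell
# Added example (not the article's or the researchers' code). Classifies signed
# files by (1) signature validity, (2) chain build with online revocation
# checking, and (3) a publisher blocklist keyed on the signer Subject, so that a
# fresh certificate issued to the same company is still caught.
# $Path and $BlockedPublishers are hypothetical values; substitute your own.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$BlockedPublishers = @(
        "*O=Example Software Ltd*"   # hypothetical -like pattern on the cert Subject
    )
)

function Get-SignerVerdict {
    param([string]$FilePath, [string[]]$Blocked)

    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $cert = $sig.SignerCertificate
    $verdict = 'SignedTrusted'

    if ($sig.Status -eq 'NotSigned' -or $null -eq $cert) {
        $verdict = 'NotSigned'
    }
    elseif ($sig.Status -ne 'Valid') {
        # HashMismatch, NotTrusted, UnknownError, ...: the signature itself fails.
        $verdict = "SignatureInvalid:$($sig.Status)"
    }
    else {
        # Rebuild the chain ourselves so revocation is checked explicitly rather
        # than assumed. Online mode requires CRL/OCSP reachability.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        if (-not $chain.Build($cert)) {
            # ChainStatus carries Revoked, RevocationStatusUnknown, NotTimeValid, ...
            $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $verdict = "ChainFailed:$reasons"
        }
        $chain.Dispose()

        # Publisher blocklist overrides even a chain that still builds cleanly:
        # a second, unrevoked certificate for a compromised company is exactly
        # what the re-signed variant used.
        foreach ($pattern in $Blocked) {
            if ($cert.Subject -like $pattern) { $verdict = 'BlockedPublisher'; break }
        }
    }

    [pscustomobject]@{
        Path       = $FilePath
        Status     = $sig.Status
        Subject    = if ($cert) { $cert.Subject }      else { '' }
        Serial     = if ($cert) { $cert.SerialNumber } else { '' }
        Thumbprint = if ($cert) { $cert.Thumbprint }   else { '' }
        NotAfter   = if ($cert) { $cert.NotAfter }     else { $null }
        Verdict    = $verdict
    }
}

# Report everything that is not a cleanly signed, trusted, non-blocked file.
Get-ChildItem -Path $Path -Recurse -File -Include *.exe,*.dll,*.scr,*.msi -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignerVerdict -FilePath $_.FullName -Blocked $BlockedPublishers } |
    Where-Object { $_.Verdict -ne 'SignedTrusted' } |
    Sort-Object Verdict |
    Format-Table -AutoSize Verdict, Subject, Serial, Path
```

Two caveats when using this. The online revocation check needs network access to the issuer's CRL or OCSP endpoints; on an isolated analysis host the chain will report RevocationStatusUnknown rather than Revoked, and that result should be treated as untrusted, not ignored. Blocking on the Subject is deliberately coarse and will also flag the company's legitimate software, so pair it with a hash allowlist for the specific builds you need to keep running, and treat a valid signature as one signal among several rather than as proof that a file is safe.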