What does HEUR:Trojan.Multi.Blacert.a try and do?

[Dave R]

We have found the following trojan on one of our devices:

 

HEUR:Trojan.Multi.Blacert.a

 

Unfortunately the analyst deleted the file before we got a chance to investigate if it was a false positive or not.

 

I cannot find any details on this trojan other than some references to Kaspersky finding it.

 

Can anyone tell me anything about this malware? What are it’s exploit method or any protocols it tries to leverage?

 

Thanks in advance.

[Berny]

@Dave R Welcome.

Is the detection  available in Kaspersky → More Tools → Reports → (Select “Time”)

 

Link

 

[Dave715]

Hi, similar to another post unresolved post…

A Trojan was found and removed on my work computer.

What is  HEUR:Trojan.Multi.Blacert.a  intentions?

[Danila T.]

Hello,

This is a detection on the leaked Dell certificate that was used to sign the malware.

[Dave715]

Thank you Danila

 

Is this the Dell root certificate for which the private keys were leaked online? 

Is the below basically correct?

If your Dell PC contains this certificate, it might be vulnerable to this threat. A PC with this certificate could be vulnerable to SSL/TLS spoofing attacks, and can allow an attacker to digitally sign binaries so that they are trusted by the affected PC. This can give an attacker control over your PC and browsing experience.

The certificates can be found in Dell PCs running the following Windows operating systems:

• Windows 10
• Windows 8.1
• Windows 8
• Windows 7

An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites.

This could allow a malicious hacker to steal your user names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.

[Danila T.]

@Dave715 Yes, that's right.