IEEE International Conference on Electro/Information Technology (IEMCON) · 2025

Evaluating Security Checks Against Malicious Payloads with Forged Signatures

Lalchandra Rampersaud, Behzad Ousat, Seyed Ali Akhavani, Javad Zandi, Selcuk Uluagac, Amin Kharraz

Abstract

Adversaries increasingly leverage diverse techniques to distribute malicious payloads across the web. One common, low-cost tactic is the hijacking of digital signatures and their attachment to malicious binaries, with the intent of deceiving both web browsers and operating systems. While code-signing certificates have traditionally served to verify the authenticity and integrity of software, adversaries now exploit these same certificates to evade detection mechanisms and facilitate the propagation of malicious code. This study seeks to empirically evaluate how modern web browsers respond to untrusted code by analyzing their reactions to signed malicious binaries. Our analysis shows that browsers' responses to certificate abuses may differ significantly, and the operating system may respond ineffectively potentially leaving end-users vulnerable to straightforward adversarial tactics. We also show that it is possible to significantly reduce the attack surface against certificate abuse with the use of a browser extension.

BibTeX
@inproceedings{rampersaud2025evaluating,
  title={Evaluating Security Checks Against Malicious Payloads with Forged Signatures},
  author={Rampersaud, Lalchandra and Ousat, Behzad and Akhavani, Seyed Ali and Zandi, Javad and Uluagac, Selcuk and Kharraz, Amin},
  booktitle={IEEE International Conference on Electro/Information Technology (IEMCON)},
  year={2025},
  doi={10.1109/IEMCON67450.2025.11381164}
}