Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

A slightly on-the-nose depiction of malware. Photo: ullstein bild / Getty

Researchers at Recorded Future profiled the only two large sellers of fraudulently acquired “software certificates” in a new report. With prices as low as $299, the illicit certificates can evade some digital defenses on the cheap.

Why it matters: Software certificates are essentially a high-tech way for computers to ask a trusted third party, “hey, have you ever heard of this program?” If that system breaks down, unsuspecting users may end up installing malware without any warning.

  • The details: For between $299 (for a low-end certificate from the antivirus firm Comodo, allowing a program to start building a reputation for not being malicious) and $1,599 (for a certificate from Symantec that already has passed those filters) a criminal can purchase certificates through one of the vendors.
  • The nitty-gritty: The vendors both appear to be selling primarily to a Eastern European market through hacker forums.
  • Does it work? It sure seems to. The report found that malware that was caught by eight mostly high-end antivirus programs was only caught by two antivirus programs after adding the fraudulent certificate.
    • “It can effectively be used to obfuscate malware from any antivirus program,” Andrei Barysevich, the researcher behind the report, told Axios.
  • Only two? Recorded Future is a threat intelligence firm that operates like a search engine for the darkest corners of the internet that search engines are unable to access. Their search and consultation with experts only turned up the two major vendors of fake certificates.

Go deeper

16 mins ago - Politics & Policy

Trump leaves White House for the final time

President Trump took off on Marine One at 8:17 a.m on Wednesday morning, departing the White House for the last time, en route to Florida.

The big picture: Trump's final hours will be marked by snubbing his successor and granting pardons to many of his allies who have been swept up in corruption scandals.

Inauguration Day dashboard

Screenshot: Fox News

President Trump has left the White House en route to a farewell event at Andrews Air Force Base, kicking off the day that will culminate with President-elect Joe Biden taking office.

What's next: The inaugural celebration for young Americans is being livestreamed, starting at 10am.

Dion Rabouin, author of Markets
1 hour ago - Economy & Business

Janet Yellen said all the right things to reassure the markets

Illustration: Aïda Amer/Axios

Treasury Secretary nominee and former Fed chair Janet Yellen's confirmation hearing before the Senate Finance Committee on Tuesday showed markets just what they can expect from the administration of President-elect Joe Biden: more of what they got under President Trump — at least for now.

What it means: Investors and big companies reaped the benefits of ultralow U.S. interest rates and low taxes for most of Trump's term as well as significant increases in government spending, even before the coronavirus pandemic.