Code Signing Certificates Up for Sale on the Dark Web

Updated on:
hacker face made with numbers
In a six-month investigation, researchers found that code signing certificates are being traded on dark web platforms for more than $1,200.

Venafi, an industry-leading machine identity protection provider, announced the worrying findings of a cybersecurity research project that was ongoing for six months.

The investigation brought to light the fact that code signing certificates are currently being sold in markets on the dark web.

These findings indicate that the authentication system that supports web applications may have been compromised.

Venafi sponsored the lengthy investigation, which was a collaborative effort from Cyber Security Research Institute (CSRI), University of Hertfordshire, Flashpoint and freelance security experts.

CSRI is a major research center that specializes in analyzing the risks associated with technology and how the effects of these risks play out in today’s world that depends largely on technology.

According to the findings, the certificates are readily available in dark web markets and are going for up to $1,200.

Your TOR usage is being watched

This hefty price tag essentially means that the certificates are costlier than handguns, credit cards, as well as counterfeit United States passports.

For comparison purposes, Venafi released a revealing infographic.

For the same amount, a dark web user can purchase any of the following: two handguns, six counterfeit drivers’ licenses, 48 targeted DDoS attacks, more than 300 credit cards as well as a fake U.S. passport.

A code signing certificate is a digital certificate containing information that completely identifies an entity or party, and is issued by a certificate authority.

By definition, it acts as a digital signature—the certificate binds the identity of the party to a public key which is related mathematically to a private key pair.

They are generally used to verify the authenticity of software. As such, the certificates are a vital component of enterprise and internet security.

The digital certificates are especially valuable on underground dark web markets for one reason. Malicious actors can utilize the certificates to spread malware across consumer devices and enterprise networks.

cyber security
The sold certificates are being used for malware attack

Security experts have known for some time now that these certificates are highly sought after by cybercriminals on the dark web.

The certificates are actively used to spread malware through consumer devices. CSRI chairperson Peter Warren noted that the investigation serves as evidence of a major market for digital certificates.

This means that there will be doubts regarding the current authentication system supporting the internet. According to Warren, technology systems have to be deployed to tackle the misuses of the certificates.

Kevin Bocek, Venafi chief security strategist, stated that the certificates can be traded a number of times before they lose their value.

This is one of the reasons why their sale is a lucrative business in underground markets.

Theresults of the report is a rude awakening to this authentication system that is heavily relied upon by many organizations.

As such, IT departments should assume that their applications and software cannot be trusted since they have no insight into which certificates they can trust. Failure to do so would be risking cyberattacks.

Hackers can utilize the digital certificates to bypass defenses and spread malware. Once hackers have access to the certificates, enterprises will find it very difficult to discover malware.

The researchers offered their insight into how organizations can handle this situation. Organizations need to have full intelligence and control over every digital certificate that is used and trusted.

But, this is easier said than done. On average, enterprises are largely unaware of thousands of certificates.

Because of this fact, firms have been advised to automate the discovery, reputation scoring and inventory of each code signing certificate in use. The certificates’ keys have to be protected, and usage controlled and audited.

The findings are more so worrying due to the fact that the investigation only scratched the surface of this dark web market commodity that seems to be cultivating a thriving underground market.

It is highly possible that there is an ongoing trade circling the dark web that would also involve VPN, SSH Key, TLS and other digital certificates in addition to the code signing certificates.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


  1. Anonymous

    Useless blab. No info on how this affects the everyday person that uses the web.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.