The use of valid digital certificates has become the main weapon of a new malicious campaign focused on compromising Windows systems to launch further cyber attacks. Called Blister, the threat reportedly has a low detection rate by security software because of the different obfuscation tactics it uses, in attacks that have been happening since at least September this year.

The main tactic, according to the warning from Elastic experts, is the use of a valid and current certificate, issued by Sectigo on behalf of a company called Blist LLC. The malware may appear embedded in legitimate development libraries, software, or service updates. In either case, the certificate allows the threat to be executed with administrator privileges and even with the consent of the user, who trusts that signature as legitimate.

Once executed, Blister remains dormant for the first few minutes, as a way to avoid monitoring and analysis during the installation of solutions. It then springs into action with remote access malware capable of leading to ransomware attacks, data theft, cryptocurrency mining, and lateral movement. It has already been used in attacks involving known malware such as Cobalt Strike and BitRAT.

Even after launching additional attacks, Blister is able to remain in the operating system, disguise itself as a legitimate executable, and add itself to the list of apps that are launched along with the operating system. It therefore remains at the disposal of attackers for new attacks, especially while the main security platforms are still unable to detect its existence.

Elastic experts point to the use of legitimate certificates as a new alternative for criminals. Until now, there were multiple detections related to stolen signatures; now, however, companies whose systems have been compromised are used to place orders that also appear authentic to the providers of this type of certificate, expanding the reach of these attacks.

According to Elastic, Sectigo has already been notified so that the certificate used by Blister can be revoked. While the initial vectors of entry were not identified by the experts, the company has released indicators of compromise and rules that can be used to detect malware activity on internal networks.
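Because the samples described here carry a valid signature, a check that only asks "is this file signed?" will pass them; the signer identity has to be inspected as well. The PowerShell sketch below is an added example, not code from Elastic or from this article. It lists autostart binaries whose Authenticode signer matches a watchlist, on the assumption that only the Startup folders and the Run registry keys need checking, since the article does not say which autostart mechanism Blister uses.

```powershell
# Added example: flag autostart binaries whose Authenticode signer is on a watchlist.
# Assumption: only the Startup folders and Run keys are inspected; the article
# does not say which autostart mechanism Blister uses.
$WatchedSigners = @('Blist LLC')   # signer name reported in the article

function Get-AutostartTarget {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($id in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($id)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $dir -File) {
            # Shortcuts are resolved to the file they launch
            if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath }
            else { $item.FullName }
        }
    }
    foreach ($k in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                   'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            # Quoted path first, otherwise everything up to the first .exe/.dll
            if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.(?:exe|dll))') {
                [Environment]::ExpandEnvironmentVariables($Matches[1])
            }
        }
    }
}

function Find-WatchedSigner {
    foreach ($path in (Get-AutostartTarget | Sort-Object -Unique)) {
        if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $cert = $sig.SignerCertificate
        if (-not $cert) { continue }            # unsigned files are out of scope here
        foreach ($w in $WatchedSigners) {
            # Reported whatever the status: a 'Valid' signature from this signer is the case of interest
            if ($cert.Subject -like "*$w*") {
                [pscustomobject]@{ Path = $path; Status = $sig.Status; Subject = $cert.Subject
                                   Issuer = $cert.Issuer; Thumbprint = $cert.Thumbprint }
            }
        }
    }
}

Find-WatchedSigner | Format-List
```

Further signer names or thumbprints from the indicators Elastic published can be added to `$WatchedSigners`; none are listed in this article, so only the company name is used here.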