CVE-2020-0601 (also known as "Chain of Fools" or "Curveball") is a Windows CryptoAPI spoofing vulnerability in the validation mechanism for Elliptic Curve Cryptography (ECC) certificates. Exploiting it could allow an attacker to sign a malicious executable using a spoofed code-signing certificate, leading to a man-in-the-middle (MITM) attack and decryption of sensitive information.
In order to assist customers and researchers, InQuest has released an additional layer of protection in the form of a YARA signature. This detection capability can help organizations strengthen their overall security posture, especially in situations where comprehensive patching may take some time.
YARA Signature:

![YARA Signature](https://gallery.mailchimp.com/efc2b20ca746ae05450458690/images/74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png)