From zdnet.com
Backdoor and Trojan malware variants are being distributed through a new phishing technique that attempts to lure victims into accepting an “update” to website security certificates.
Certificate Authorities (CAs) issue SSL/TLS security certificates, which improve security online in two ways: they enable encryption of the communication channel between a browser and a server, which is especially important for domains providing e-commerce services, and they provide identity validation, which is intended to instill trust in a domain.