Microsoft Trust Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates.

Threat actors have long sought code-signing certificates, as they can be used to sign malware so that it appears to come from a legitimate company.

Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned executables, or at least treat them with less suspicion.

The holy grail for threat actors is to obtain Extended Validation (EV) code-signing certificates, as they automatically gain increased trust from many cybersecurity programs due to the more rigorous verification process. Even more important, EV certificates are believed to gain a reputation boost in…
