Summary: Cybercriminals are abusing Microsoft’s Trusted Signing platform to sign malware executables with short-lived three-day certificates. Because the signed malware appears legitimate, it can bypass security filters. Threat actors find this method more accessible than obtaining Extended Validation (EV) code-signing certificates, which are harder to acquire and often revoked after use.
Affected: Microsoft Trusted Signing platform
Key points:
- Cybercriminals are signing malware with three-day certificates from Microsoft’s Trusted Signing service.
- Signed executables can evade security measures typically aimed at unsigned applications.
- Microsoft is actively monitoring and revoking compromised certificates to combat abuse.
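
As an added example (not part of the original summary), the following PowerShell triage script lists signed files whose signer certificate has a validity window of about three days, together with the signature status Windows reports. The scan path, file extensions and slack value are assumptions. A short-lived certificate is only a triage signal, since legitimate publishers using the same service receive certificates with the same lifetime.

```powershell
# Added example, not from the original page. Read-only triage of Authenticode signers.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",  # assumed scan root
    [double]$MaxLifetimeDays = 3,                   # certificate lifetime named in the summary
    [double]$SlackHours = 1                         # assumed tolerance for issuance skew
)

$limit = [TimeSpan]::FromDays($MaxLifetimeDays) + [TimeSpan]::FromHours($SlackHours)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }        # unsigned file: out of scope here

        # Validity window of the signing certificate itself, not of the file.
        $lifetime = $cert.NotAfter - $cert.NotBefore
        if ($lifetime -gt $limit) { return }   # ordinary long-lived certificate

        [pscustomobject]@{
            File          = $_.FullName
            Status        = $sig.Status                         # validation result reported by Windows
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            LifetimeHours = [math]::Round($lifetime.TotalHours, 1)
            Timestamped   = ($null -ne $sig.TimeStamperCertificate)
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object NotBefore -Descending
```

Review each hit by publisher and file origin; a status other than `Valid` on a file that was previously accepted is worth following up.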