Cybercriminals are abusing Microsoft’s Trusted Signing service by using the platform’s three-day certificates to code-sign malware. These signed malware are more likely to bypass security filters and can look like legitimate programs. While obtaining certificates via this platform is easier than getting Extended Validation (EV) certificates, researchers assert that the ambiguity over EV certificates has made the Trusted Signing service an attractive alternative for threat actors. Microsoft said it uses threat intelligence monitoring to find and revoke misused certificates and suspend accounts.
Banking malware up 3x, crypto phishing jumps 83%
The 2024 Financial Cyberthreats report from Kaspersky revealed that mobile banking malware incidents increased by a factor of 3.6, and cryptocurrency phishing attempts rose by
