Cybercriminals are abusing Microsoft’s Trusted Signing service by using the platform’s three-day certificates to code-sign malware. These signed malware are more likely to bypass security filters and can look like legitimate programs. While obtaining certificates via this platform is easier than getting Extended Validation (EV) certificates, researchers assert that the ambiguity over EV certificates has made the Trusted Signing service an attractive alternative for threat actors. Microsoft said it uses threat intelligence monitoring to find and revoke misused certificates and suspend accounts.
Malicious Game Infects Steam Users With Info-Stealing Malware
Steam, a popular digital distribution platform for PC games, was recently forced to remove Sniper: Phantom’s Resolution after it was found to contain malware. Attacks
