Microsoft's Trusted Signing service is exploited by cybercriminals to code-sign malware using short-lived three-day certificates. These signed executables can bypass security filters. Criminals prefer this method due to easier access compared to Extended Validation certificates. Microsoft monitors and revokes misuse of their signing service, citing active threat intelligence measures.
Microsoft Trusted Signing Service Abused to Code-sign Malware
