Bleeping Computer

Hackers use VPN provider's code certificate to sign malware

The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the ...
Ars Technica

To bypass code-signing checks, malware gang steals lots of certificates

There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
CRN

Bit9 Admits Systems Breach, Stolen Code-Signing Certificates

Waltham, Mass.-based Bit9 said the intellectual property at the core of its application whitelisting software was not exposed in the breach. An attacker can use stolen digital code-signing ...