Bleeping Computer

The Market of Stolen Code-Signing Certificates Is Too Expensive for Most Hackers

There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such ...
Bleeping Computer

Hackers use VPN provider's code certificate to sign malware

The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the ...
Ars Technica

To bypass code-signing checks, malware gang steals lots of certificates

There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
CRN

Bit9 Admits Systems Breach, Stolen Code-Signing Certificates

Waltham, Mass.-based Bit9 said the intellectual property at the core of its application whitelisting software was not exposed in the breach. An attacker can use stolen digital code-signing ...
WeLiveSecurity

Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

ESET researchers have discovered a new malware campaign misusing stolen digital certificates. We spotted this malware campaign when our systems marked several files as suspicious. Interestingly, the ...