Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. New research by Recorded Future’s Insikt Group found that hackers and malicious actors are obtaining legitimate certificates from issuing authorities in order to sign malicious code. That’s contrary to the view that in most cases certificates are stolen from companies and developers and repurposed by hackers to make malware look more legitimate.
ORIGINAL SOURCE: ZDNet