code signing
-
Microsoft disrupts malware-signing service tied to ransomware groups
Microsoft said it disrupted a malware-signing service that abused its Artifact Signing platform to issue more than 1,000 fraudulent certificates used by ransomware gangs and other cybercriminals.
-
Jamf finds MacSync macOS stealer delivered in signed, notarized Swift installer
Jamf researchers found a MacSync macOS stealer variant delivered in a code-signed, notarized Swift installer inside a DMG that could bypass Gatekeeper; Apple revoked the signing certificate and analysis links the payload to the rebranded Mac.c infostealer with remote command-and-control capabilities.
-
Acronis warns of ongoing ‘TamperedChef’ malvertising campaign using signed fake installers
Acronis Threat Research Unit says operators are using signed counterfeit installers in a global malvertising campaign dubbed TamperedChef to deploy a JavaScript backdoor, with infections concentrated in the U.S. and several industries affected; some variants have been used for advertising fraud while broader motives remain unclear.
-
Microsoft revokes more than 200 certificates used in fake Teams ransomware campaign
Microsoft said it revoked over 200 code signing certificates used by a group tracked as Vanilla Tempest to sign fake Microsoft Teams installers that delivered the Oyster backdoor and Rhysida ransomware; the company said it detected the activity in late September 2025 and has updated protections to flag the malicious signatures.
