Microsoft Trusted Signing exploited for malware certification

Cybersecurity experts are warning that Microsoft's Trusted Signing platform is being misused by criminals to help spread malware. This platform allows the signing of software with digital certificates that verify their authenticity. Criminals are creating malware signed with short-lived certificates that last only three days. This method can help the malware avoid detection by security programs for longer periods. Researchers found that these malicious programs were signed by a specific Microsoft certificate. Microsoft is taking action against this abuse. They monitor for improper use of certificates and revoke any that are found to be misused. The company has also set rules that only allow new certificates to be issued to businesses that have been around for at least three years. However, individuals can still get certificates more quickly. In response to the threat, Microsoft has already revoked several certificates linked to malicious activity. They stated that their antimalware products can detect the malware being distributed and are actively working to improve safety.