Microsoft Trusted Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. This allows the malware to appear legitimate and potentially bypass security filters. Microsoft is monitoring for misuse and revoking certificates as they are found.